mirror of
https://github.com/Llewellynvdm/Tomb.git
synced 2024-12-23 02:28:58 +00:00
f8df67fcd0
there where variable names left over after the code refactoring they have now correct names or are filled, messages stay the same fixes #138
2580 lines
80 KiB
Bash
Executable File
2580 lines
80 KiB
Bash
Executable File
#!/bin/zsh
|
|
#
|
|
# Tomb, the Crypto Undertaker
|
|
#
|
|
# A commandline tool to easily operate encryption of secret data
|
|
#
|
|
# Homepage on: [tomb.dyne.org](http://tomb.dyne.org)
|
|
|
|
# {{{ License
|
|
|
|
# Copyright (C) 2007-2014 Dyne.org Foundation
|
|
#
|
|
# Tomb is designed, written and maintained by Denis Roio <jaromil@dyne.org>
|
|
#
|
|
# With contributions by Anathema, Boyska and Hellekin O. Wolf.
|
|
#
|
|
# Testing and reviews are contributed by Dreamer, Shining,
|
|
# Mancausoft, Asbesto Molesto and Nignux.
|
|
#
|
|
# Tomb's artwork is contributed by Jordi aka Mon Mort.
|
|
|
|
#This source code is free software; you can redistribute it
|
|
#and/or modify it under the terms of the GNU Public License
|
|
#as published by the Free Software Foundation; either
|
|
#version 3 of the License, or (at your option) any later
|
|
#version.
|
|
#
|
|
#This source code is distributed in the hope that it will be
|
|
#useful, but WITHOUT ANY WARRANTY; without even the implied
|
|
#warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
|
#PURPOSE. Please refer to the GNU Public License for more
|
|
#details.
|
|
#
|
|
#You should have received a copy of the GNU Public License
|
|
#along with this source code; if not, write to: Free
|
|
#Software Foundation, Inc., 675 Mass Ave, Cambridge, MA
|
|
#02139, USA.
|
|
|
|
# }}} - License
|
|
|
|
# {{{ Global variables
|
|
|
|
VERSION=1.6
|
|
DATE="Sept/2014"
|
|
TOMBEXEC=$0
|
|
typeset -a OLDARGS
|
|
for arg in ${argv}; do OLDARGS+=($arg); done
|
|
DD="dd"
|
|
WIPE="rm -f"
|
|
MKFS="mkfs.ext3 -q -F -j -L"
|
|
KDF=1
|
|
STEGHIDE=1
|
|
RESIZER=1
|
|
SWISH=1
|
|
QRENCODE=1
|
|
MOUNTOPTS="rw,noatime,nodev"
|
|
|
|
# prefix for temporary files
|
|
TMPPREFIX="/dev/shm/$$.$RANDOM."
|
|
|
|
# makes glob matching case insensitive
|
|
unsetopt CASE_MATCH
|
|
|
|
typeset -AH global_opts
|
|
typeset -AH opts
|
|
typeset -H username
|
|
|
|
typeset -H _uid
|
|
typeset -H _gid
|
|
typeset -H _tty
|
|
|
|
typeset -H tomb_file
|
|
|
|
typeset -H tomb_key
|
|
typeset -H tomb_key_file
|
|
typeset -H tomb_secret
|
|
typeset -H tomb_password
|
|
|
|
typeset -aH tomb_tempfiles
|
|
typeset -aH tomb_loopdevs
|
|
|
|
# Make sure sbin is in PATH
|
|
PATH+=:/sbin:/usr/sbin
|
|
|
|
# For gettext
|
|
export TEXTDOMAIN=tomb
|
|
|
|
# }}}
|
|
|
|
# {{{ Safety functions
|
|
|
|
endgame() {
|
|
# here clear all temp files and flush all pipes
|
|
|
|
# prepare some random material to overwrite vars
|
|
rr="$RANDOM"
|
|
while [[ ${#rr} -lt 500 ]]; do
|
|
rr+="$RANDOM"; done
|
|
# we make sure no info is left in unallocated mem
|
|
tomb_file="$rr"; unset tomb_file
|
|
tomb_key="$rr"; unset tomb_key
|
|
tomb_key_file="$rr"; unset tomb_key_file
|
|
tomb_secret="$rr"; unset tomb_secret
|
|
tomb_password="$rr"; unset tomb_password
|
|
|
|
for f in $tomb_tempfiles; do
|
|
${=WIPE} "$f"; done
|
|
unset tomb_tempfiles
|
|
|
|
for l in $tomb_loopdevs; do
|
|
losetup -d "$l"; done
|
|
unset tomb_loopdevs
|
|
}
|
|
|
|
# trap functions for the endgame event
|
|
TRAPINT() { endgame INT }
|
|
TRAPEXIT() { endgame EXIT }
|
|
TRAPHUP() { endgame HUP }
|
|
TRAPQUIT() { endgame QUIT }
|
|
TRAPABRT() { endgame ABORT }
|
|
TRAPKILL() { endgame KILL }
|
|
TRAPPIPE() { endgame PIPE }
|
|
TRAPTERM() { endgame TERM }
|
|
TRAPSTOP() { endgame STOP }
|
|
|
|
check_shm() {
|
|
# TODO: configure which tmp dir to use from a cli flag
|
|
SHMPREFIX=/dev/shm
|
|
|
|
[[ -k /dev/shm ]] || [[ -k /run/shm ]] && { SHMPREFIX=/run/shm } \
|
|
|| {
|
|
# mount the tmpfs if the SO doesn't already
|
|
mkdir /run/shm
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error creating a directory for temporary files"
|
|
return 1 }
|
|
mount -t tmpfs tmpfs /run/shm \
|
|
-o nosuid,noexec,nodev,mode=0600,uid="$_uid",gid="$_gid"
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error mounting tmpfs in /run/shm for temporary files"
|
|
return 1 }
|
|
|
|
SHMPREFIX=/run/shm
|
|
}
|
|
|
|
# setup a special env var for zsh to create temp files that will
|
|
# then be deleted at the exit of each function using them.
|
|
TMPPREFIX="$SHMPREFIX/$$.$RANDOM."
|
|
return 0
|
|
}
|
|
|
|
# Provide a random filename in shared memory
|
|
tmp_create() {
|
|
local tfile="${TMPPREFIX}${RANDOM}"
|
|
touch "$tfile"
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error creating a temporary file: ::1 temp file::" $tfile
|
|
return 1 }
|
|
chown "$_uid":"$_gid" "$tfile"
|
|
chmod 0600 "$tfile"
|
|
[[ $? = 0 ]] || {
|
|
fatal "Fatal error setting permissions on temporary file: ::1 temp file::" $tfile
|
|
return 1 }
|
|
_verbose "Created tempfile: ::1 temp file::" $tfile
|
|
tomb_tempfiles+=($tfile)
|
|
return 0
|
|
}
|
|
tmp_new() {
|
|
# print out the latest tempfile
|
|
print - "${tomb_tempfiles[${#tomb_tempfiles}]}"
|
|
}
|
|
|
|
# Check if swap is activated
|
|
check_swap() {
|
|
# Return 0 if NO swap is used, 1 if swap is used
|
|
# Return 2 if swap(s) is(are) used, but ALL encrypted
|
|
local swaps="$(awk '/^\// { print $1 }' /proc/swaps 2>/dev/null)"
|
|
[[ -z "$swaps" ]] && return 0 # No swap partition is active
|
|
# Check whether all swaps are encrypted, and return 2
|
|
# If any of the swaps is not encrypted, we bail out and return 1.
|
|
ret=1
|
|
for s in $=swaps; do
|
|
bone=`sudo file $s`
|
|
if [[ "$bone" =~ "swap file" ]]; then
|
|
# It's a regular (unencrypted) swap file
|
|
ret=1
|
|
break
|
|
elif [[ "$bone" =~ "symbolic link" ]]; then
|
|
# Might link to a block
|
|
ret=1
|
|
if [ "/dev/mapper" = "${s%/*}" ]; then
|
|
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
|
|
if [ "crypt" = "$is_crypt" ]; then
|
|
ret=2
|
|
fi
|
|
else
|
|
break
|
|
fi
|
|
elif [[ "$bone" =~ "block special" ]]; then
|
|
# Is a block
|
|
ret=1
|
|
is_crypt=`sudo dmsetup status "$s" | awk '/crypt/ {print $3}'`
|
|
if [ "crypt" = "$is_crypt" ]; then
|
|
ret=2
|
|
else
|
|
break
|
|
fi
|
|
fi
|
|
done
|
|
_warning "An active swap partition is detected, this poses security risks."
|
|
if [[ $ret -eq 2 ]]; then
|
|
_success "All your swaps are belong to crypt. Good."
|
|
else
|
|
_warning "You can deactivate all swap partitions using the command:"
|
|
_warning " swapoff -a"
|
|
_warning "But if you want to proceed like this, use the -f (force) flag."
|
|
_failure "Operation aborted."
|
|
fi
|
|
return $ret
|
|
}
|
|
|
|
# Wrapper to allow encrypted swap and remind the user about
|
|
# possible data leaks to disk if swap is on, and not to be ignored
|
|
_check_swap() {
|
|
if ! option_is_set -f && ! option_is_set --ignore-swap; then
|
|
check_swap
|
|
case $? in
|
|
0|2) # No, or encrypted swap
|
|
return 0
|
|
;;
|
|
*) # Unencrypted swap
|
|
return 1
|
|
;;
|
|
esac
|
|
fi
|
|
}
|
|
|
|
# Ask user for a password
|
|
ask_password() {
|
|
# we use pinentry now
|
|
# comes from gpg project and is much more secure
|
|
# it also conveniently uses the right toolkit
|
|
|
|
# pinentry has no custom icon setting
|
|
# so we need to temporary modify the gtk theme
|
|
if [ -r /usr/local/share/themes/tomb/gtk-2.0-key/gtkrc ]; then
|
|
GTK2_RC=/usr/local/share/themes/tomb/gtk-2.0-key/gtkrc
|
|
elif [ -r /usr/share/themes/tomb/gtk-2.0-key/gtkrc ]; then
|
|
GTK2_RC=/usr/share/themes/tomb/gtk-2.0-key/gtkrc
|
|
fi
|
|
|
|
title="Insert tomb password."
|
|
if [ $2 ]; then title="$2"; fi
|
|
|
|
output=`cat <<EOF | GTK2_RC_FILES=${GTK2_RC} pinentry 2>/dev/null | tail -n +7
|
|
OPTION ttyname=$TTY
|
|
OPTION lc-ctype=$LANG
|
|
SETTITLE $title
|
|
SETDESC $1
|
|
SETPROMPT Password:
|
|
GETPIN
|
|
EOF`
|
|
if [[ `tail -n1 <<<$output` =~ ERR ]]; then
|
|
return 1
|
|
fi
|
|
head -n1 <<<$output | awk '/^D / { sub(/^D /, ""); print }'
|
|
return 0
|
|
}
|
|
|
|
# Drop privileges
|
|
exec_as_user() {
|
|
if ! [ $SUDO_USER ]; then
|
|
exec $@[@]
|
|
return $?
|
|
fi
|
|
_verbose "exec_as_user '::1 user::': ::2::" $SUDO_USER ${(f)@}
|
|
sudo -u $SUDO_USER "${@[@]}"
|
|
return $?
|
|
}
|
|
|
|
#Escalate privileges
|
|
check_priv() {
|
|
# save original user
|
|
username=$USER
|
|
if [ $UID != 0 ]; then
|
|
_verbose "Using sudo for root execution of '::1 exec:: ::2 args::'." $TOMBEXEC ${(f)OLDARGS}
|
|
# check if sudo has a timestamp active
|
|
sudok=false
|
|
|
|
if ! option_is_set --sudo-pwd; then
|
|
if [ $? != 0 ]; then # if not then ask a password
|
|
cat <<EOF | pinentry 2>/dev/null | awk '/^D / { sub(/^D /, ""); print }' | sudo -S -v
|
|
OPTION ttyname=$TTY
|
|
OPTION lc-ctype=$LANG
|
|
SETTITLE Super user privileges required
|
|
SETDESC Sudo execution of Tomb ${OLDARGS[@]}
|
|
SETPROMPT Insert your USER password:
|
|
GETPIN
|
|
EOF
|
|
fi
|
|
else
|
|
_verbose "Escalating privileges using sudo-pwd."
|
|
sudo -S -v <<<`option_value --sudo-pwd`
|
|
fi
|
|
sudo "${TOMBEXEC}" -U ${UID} -G ${GID} -T ${TTY} "${(@)OLDARGS}"
|
|
exit $?
|
|
fi # are we root already
|
|
|
|
# make sure necessary kernel modules are loaded
|
|
modprobe dm_mod
|
|
modprobe dm_crypt
|
|
|
|
return 0
|
|
}
|
|
|
|
# check if a filename is a valid tomb
|
|
is_valid_tomb() {
|
|
_verbose "is_valid_tomb ::1 tomb file::" $1
|
|
# argument check
|
|
{ test "$1" = "" } && {
|
|
_warning "Tomb file is missing from arguments."; return 1 }
|
|
# file checks
|
|
{ test -r "$1" } || {
|
|
_warning "Tomb file not found: ::1 tomb file::" $1; return 1 }
|
|
{ test -f "$1" } || {
|
|
_warning "Tomb file is not a regular file: ::1 tomb file::" $1; return 1 }
|
|
{ test -s "$1" } || {
|
|
_warning "Tomb file is empty (zero length): ::1 tomb file::" $1; return 1 }
|
|
{ test -w "$1" } || {
|
|
_warning "Tomb file is not writable: ::1 tomb file::" $1; return 1 }
|
|
|
|
# check file type (if its a Luks fs)
|
|
file "$1" | grep -i "luks encrypted file" > /dev/null || {
|
|
_warning "File is not yet a tomb: ::1 tomb file::" $1}
|
|
|
|
# check if its already open
|
|
tombfile=`basename $1`
|
|
tombname=${tombfile%%\.*}
|
|
mount -l | grep "${tombfile}.*\[$tombname\]$" > /dev/null
|
|
{ test $? = 0 } && {
|
|
_warning "Tomb is currently in use: ::1 tomb name::" $tombname; return 1 }
|
|
_message "Valid tomb file found: ::1 tomb file::" $1
|
|
return 0
|
|
}
|
|
|
|
# $1 is the tomb file to be lomounted
|
|
lo_mount() {
|
|
tpath="$1"
|
|
is_valid_tomb "$tpath" || {
|
|
_failure "Loopback mount called on invalid tomb: ::1 path::" $tpath }
|
|
|
|
# check if we have support for loop mounting
|
|
losetup -f >& -
|
|
[[ $? = 0 ]] || {
|
|
_warning "Loop mount of volumes is not possible on this machine, this error"
|
|
_warning "often occurs on VPS and kernels that don't provide the loop module."
|
|
_warning "It is impossible to use Tomb on this machine at this conditions."
|
|
_failure "Operation aborted."
|
|
}
|
|
|
|
_nstloop=`losetup -f` # get the number for next loopback device
|
|
|
|
losetup -f "$tpath" >& - # allocates the next loopback for our file
|
|
|
|
tomb_loopdevs+=("$_nstloop") # add to array of lodevs used
|
|
|
|
return 0
|
|
}
|
|
|
|
# print out latest loopback mounted
|
|
lo_new() { print - "${tomb_loopdevs[${#tomb_loopdevs}]}" }
|
|
|
|
# $1 is the path to the lodev to be preserved after quit
|
|
lo_preserve() {
|
|
_verbose "lo_preserve on ::1 path::" $1
|
|
# remove the lodev from the tomb_lodevs array
|
|
tomb_loopdevs=("${(@)tomb_loopdevs:#$1}")
|
|
}
|
|
|
|
# eventually used for debugging
|
|
dump_secrets() {
|
|
_verbose "tomb_file: ::1 tomb file::" $tomb_file
|
|
_verbose "tomb_key: ::1 key:: chars long" ${#tomb_key}
|
|
_verbose "tomb_key_file: ::1 key::" $tomb_key_file
|
|
_verbose "tomb_secret: ::1 secret:: chars long" ${#tomb_secret}
|
|
_verbose "tomb_password: ::1 tomb pass::" $tomb_password
|
|
|
|
_verbose "tomb_tempfiles: ::1 temp files::" ${(@)tomb_tempfiles}
|
|
_verbose "tomb_loopdevs: ::1 loopdevs::" ${(@)tomb_loopdevs}
|
|
}
|
|
# }}}
|
|
|
|
# {{{ Commandline interaction
|
|
|
|
usage() {
|
|
_print "Syntax: tomb [options] command [arguments]"
|
|
_print "\000"
|
|
_print "Commands:"
|
|
_print "\000"
|
|
_print " // Creation:"
|
|
_print " dig create a new empty TOMB file of size -s in MB"
|
|
_print " forge create a new KEY file and set its password"
|
|
_print " lock installs a lock on a TOMB to use it with KEY"
|
|
_print "\000"
|
|
_print " // Operations on tombs:"
|
|
_print " open open an existing TOMB"
|
|
_print " index update the search indexes of tombs"
|
|
_print " search looks for filenames matching text patterns"
|
|
_print " list list of open TOMBs and information on them"
|
|
_print " close close a specific TOMB (or 'all')"
|
|
_print " slam slam a TOMB killing all programs using it"
|
|
if [ "$RESIZER" = 1 ]; then
|
|
_print " resize resize a TOMB to a new size -s (can only grow)"
|
|
fi
|
|
_print "\000"
|
|
_print " // Operations on keys:"
|
|
_print " passwd change the password of a KEY"
|
|
_print " setkey change the KEY locking a TOMB (needs old one)"
|
|
_print "\000"
|
|
{ test "$QRENCODE" = "1" } && {
|
|
_print " engrave makes a QR code of a KEY to be saved on paper"
|
|
}
|
|
_print "\000"
|
|
if [ "$STEGHIDE" = 1 ]; then
|
|
_print " bury hide a KEY inside a JPEG image"
|
|
_print " exhume extract a KEY from a JPEG image"
|
|
fi
|
|
_print "\000"
|
|
_print "Options:"
|
|
_print "\000"
|
|
_print " -s size of the tomb file when creating/resizing one (in MB)"
|
|
_print " -k path to the key to be used ('-k -' to read from stdin)"
|
|
_print " -n don't process the hooks found in tomb"
|
|
_print " -o mount options used to open (default: rw,noatime,nodev)"
|
|
_print " -f force operation (i.e. even if swap is active)"
|
|
{ test "$KDF" = 1 } && {
|
|
_print " --kdf generate passwords armored against dictionary attacks"
|
|
}
|
|
|
|
_print "\000"
|
|
_print " -h print this help"
|
|
_print " -v print version, license and list of available ciphers"
|
|
_print " -q run quietly without printing informations"
|
|
_print " -D print debugging information at runtime"
|
|
_print "\000"
|
|
_print "For more informations on Tomb read the manual: man tomb"
|
|
_print "Please report bugs on <http://github.com/dyne/tomb/issues>."
|
|
}
|
|
|
|
|
|
# Check an option
|
|
option_is_set() {
|
|
# First argument, the commandline flag (i.e. "-s").
|
|
# Second (optional) argument: if "out", command will print it out 'set'/'unset'
|
|
# (useful for if conditions).
|
|
# Return 0 if is set, 1 otherwise
|
|
[[ -n ${(k)opts[$1]} ]];
|
|
r=$?
|
|
if [[ $2 == out ]]; then
|
|
if [[ $r == 0 ]]; then
|
|
echo 'set'
|
|
else
|
|
echo 'unset'
|
|
fi
|
|
fi
|
|
return $r;
|
|
}
|
|
|
|
# Get an option value
|
|
option_value() {
|
|
# First argument, the commandline flag (i.e. "-s").
|
|
print -n - "${opts[$1]}"
|
|
}
|
|
|
|
# Messaging function with pretty coloring
|
|
function _msg() {
|
|
local msg="$(gettext -s "$2")"
|
|
for i in $(seq 3 ${#});
|
|
do
|
|
msg=${(S)msg//::$(($i - 2))*::/$*[$i]}
|
|
done
|
|
|
|
local command="print -P"
|
|
local progname="$fg[magenta]${TOMBEXEC##*/}$reset_color"
|
|
local message="$fg_bold[normal]$fg_no_bold[normal]$msg$reset_color"
|
|
local -i returncode
|
|
|
|
case "$1" in
|
|
inline)
|
|
command+=" -n"; pchars=" > "; pcolor="yellow"
|
|
;;
|
|
message)
|
|
pchars=" . "; pcolor="white"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
;;
|
|
verbose)
|
|
pchars="[D]"; pcolor="blue"
|
|
;;
|
|
success)
|
|
pchars="(*)"; pcolor="green"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
;;
|
|
warning)
|
|
pchars="[W]"; pcolor="yellow"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
;;
|
|
failure)
|
|
pchars="[E]"; pcolor="red"; message="$fg_no_bold[$pcolor]$msg$reset_color"
|
|
returncode=1
|
|
;;
|
|
print)
|
|
progname=""
|
|
;;
|
|
*)
|
|
pchars="[F]"; pcolor="red"
|
|
message="Developer oops! Usage: _msg MESSAGE_TYPE \"MESSAGE_CONTENT\""
|
|
returncode=127
|
|
;;
|
|
esac
|
|
${=command} "${progname} $fg_bold[$pcolor]$pchars$reset_color ${message}$color[reset_color]" >&2
|
|
return $returncode
|
|
}
|
|
|
|
function _message say() {
|
|
local notice="message"
|
|
[[ "$1" = "-n" ]] && shift && notice="inline"
|
|
option_is_set -q || _msg "$notice" $@
|
|
return 0
|
|
}
|
|
|
|
function _verbose xxx() {
|
|
option_is_set -D && _msg verbose $@
|
|
return 0
|
|
}
|
|
|
|
function _success yes() {
|
|
option_is_set -q || _msg success $@
|
|
return 0
|
|
}
|
|
|
|
function _warning no() {
|
|
option_is_set -q || _msg warning $@
|
|
return 1
|
|
}
|
|
|
|
function _failure die() {
|
|
typeset -i exitcode=${exitv:-1}
|
|
option_is_set -q || _msg failure $@
|
|
# be sure we forget the secrets we were told
|
|
exit $exitcode
|
|
}
|
|
|
|
function _print() {
|
|
option_is_set -q || _msg print $@
|
|
return 0
|
|
}
|
|
|
|
# Print out progress to inform GUI caller applications (--batch mode)
|
|
progress() {
|
|
# $1 is "what is progressing"
|
|
# $2 is "percentage"
|
|
# $3 is (eventually blank) status
|
|
# Example: if creating a tomb, it could be sth like
|
|
# progress create 0 filling with random data
|
|
# progress create 40 generating key
|
|
# progress keygen 0 please move the mouse
|
|
# progress keygen 30 please move the mouse
|
|
# progress keygen 60 please move the mouse
|
|
# progress keygen 100 key generated
|
|
# progress create 80 please enter password
|
|
# progress create 90 formatting the tomb
|
|
# progress create 100 tomb created successfully
|
|
if ! option_is_set --batch; then
|
|
return
|
|
fi
|
|
print "[m][P][$1][$2][$3]" >&2
|
|
|
|
}
|
|
|
|
# Check what's installed
|
|
check_bin() {
|
|
# check for required programs
|
|
for req in cryptsetup pinentry sudo gpg; do
|
|
command -v $req >& - || exitv=1 _failure "Cannot find ::1::. It's a requirement to use Tomb, please install it." $req
|
|
done
|
|
|
|
export PATH=/sbin:/usr/sbin:$PATH
|
|
|
|
# which dd command to use
|
|
command -v dcfldd >& -
|
|
{ test $? = 0 } && { DD="dcfldd statusinterval=1" }
|
|
|
|
# which wipe command to use
|
|
command -v wipe >& - && WIPE="wipe -f -s" || WIPE="rm -f"
|
|
|
|
# check for filesystem creation progs
|
|
command -v mkfs.ext4 >& - && \
|
|
MKFS="mkfs.ext4 -q -F -j -L" || \
|
|
MKFS="mkfs.ext3 -q -F -j -L"
|
|
|
|
# check for steghide
|
|
command -v steghide >& - || STEGHIDE=0
|
|
# check for resize
|
|
command -v e2fsck resize2fs >& - || RESIZER=0
|
|
# check for KDF auxiliary tools
|
|
command -v tomb-kdb-pbkdf2 >& - || KDF=0
|
|
# check for Swish-E file content indexer
|
|
command -v swish-e >& - || SWISH=0
|
|
# check for QREncode for paper backups of keys
|
|
command -v qrencode >& - || QRENCODE=0
|
|
}
|
|
|
|
# }}} - Commandline interaction
|
|
|
|
# {{{ Key operations
|
|
|
|
# $1 is the encrypted key contents we are checking
|
|
is_valid_key() {
|
|
_verbose "is_valid_key"
|
|
_key="$1"
|
|
# argument check
|
|
{ test "$_key" = "" } && { _key="$tomb_key" }
|
|
{ test "$_key" = "" } && {
|
|
_warning "is_valid_key() called without argument."; return 1 }
|
|
|
|
# if the key file is an image don't check file header
|
|
{ test -r "$tomb_key_file" } \
|
|
&& [[ `file "$tomb_key_file"` =~ "JP.G" ]] \
|
|
&& {
|
|
_message "Key is an image, it might be valid."; return 0 }
|
|
|
|
[[ "$_key" =~ "BEGIN PGP" ]] && {
|
|
_message "Key is valid."; return 0 }
|
|
|
|
return 1
|
|
}
|
|
|
|
# $1 is a string containing an encrypted key
|
|
recover_key() {
|
|
_warning "Attempting key recovery."
|
|
_key="$tomb_key"
|
|
tomb_key=""
|
|
|
|
[[ "$_key" =~ "_KDF_" ]] && {
|
|
tomb_key+="`print - $_key | $head -n 1`\n" }
|
|
|
|
tomb_key+="-----BEGIN PGP MESSAGE-----\n"
|
|
tomb_key+="$_key\n"
|
|
tomb_key+="-----END PGP MESSAGE-----\n"
|
|
return 0
|
|
}
|
|
|
|
# This function retrieves a tomb key specified on commandline or from
|
|
# stdin if -k - was selected. It also runs validity checks on the
|
|
# file. On success returns 0 and prints out the full path to
|
|
# the key, setting globals: $tomb_key_file and $tomb_key
|
|
load_key() {
|
|
# take the name of a tomb file as argument to option -k
|
|
# if no argument is given, tomb{key|dir|file} are set by caller
|
|
local keyopt
|
|
[[ "$1" = "" ]] || { keyopt="$1" }
|
|
[[ "$keyopt" = "" ]] && { keyopt="`option_value -k`" }
|
|
[[ "$keyopt" = "" ]] && {
|
|
_failure "This operation requires a key file to be specified using the -k option." }
|
|
|
|
if [[ "$keyopt" == "-" ]]; then
|
|
_verbose "load_key reading from stdin."
|
|
# take key from stdin
|
|
_message "Waiting for the key to be piped from stdin... "
|
|
tomb_key_file=stdin
|
|
tomb_key=`cat`
|
|
else
|
|
_verbose "load_key argument: ::1 opt::" $keyopt
|
|
# take key from a file
|
|
tomb_key_file="$keyopt"
|
|
{ test -r "${tomb_key_file}" } || {
|
|
_warning "Key not found, specify one using -k."
|
|
return 1}
|
|
tomb_key=`cat $tomb_key_file`
|
|
fi
|
|
|
|
_verbose "load_key: ::1 key::" $tomb_key_file
|
|
|
|
is_valid_key "${tomb_key}" || {
|
|
_warning "The key seems invalid or its format is not known by this version of Tomb."
|
|
# try recovering the key
|
|
recover_key "$tomb_key"
|
|
}
|
|
|
|
# declared tomb_key (contents)
|
|
# declared tomb_key_file (path)
|
|
return 0
|
|
}
|
|
|
|
# takes two args just like get_lukskey
|
|
# prints out the decrypted content
|
|
# contains tweaks for different gpg versions
|
|
gpg_decrypt() {
|
|
# fix for gpg 1.4.11 where the --status-* options don't work ;^/
|
|
gpgver=`gpg --version --no-permission-warning | awk '/^gpg/ {print $3}'`
|
|
gpgpass="$1\n$tomb_key"
|
|
|
|
if [ "$gpgver" = "1.4.11" ]; then
|
|
_verbose "GnuPG is version 1.4.11 - adopting status fix."
|
|
|
|
tomb_secret=`print - "$gpgpass" | \
|
|
gpg --batch --passphrase-fd 0 --no-tty --no-options"`
|
|
ret=$?
|
|
unset gpgpass
|
|
|
|
else # using status-file in gpg != 1.4.11
|
|
|
|
# TODO: use mkfifo
|
|
tmp_create
|
|
_status=`tmp_new`
|
|
|
|
tomb_secret=`print - "$gpgpass" | \
|
|
gpg --batch --passphrase-fd 0 --no-tty --no-options \
|
|
--status-fd 2 --no-mdc-warning --no-permission-warning \
|
|
--no-secmem-warning 2> $_status`
|
|
|
|
unset gpgpass
|
|
grep 'DECRYPTION_OKAY' $_status > /dev/null
|
|
ret=$?
|
|
|
|
fi
|
|
return $ret
|
|
|
|
}
|
|
|
|
|
|
# Gets a key file and a password, prints out the decoded contents to
|
|
# be used directly by Luks as a cryptographic key
|
|
get_lukskey() {
|
|
# $1 is the password
|
|
_verbose "get_lukskey"
|
|
|
|
_password="$1"
|
|
|
|
exhumedkey=""
|
|
|
|
firstline=`head -n1 <<< "$tomb_key"`
|
|
|
|
# key is KDF encoded
|
|
if [[ $firstline =~ '^_KDF_' ]]; then
|
|
_verbose "KDF: ::1 kdf::" $(cut -d_ -f 3 <<<$firstline)
|
|
case `cut -d_ -f 3 <<<$firstline` in
|
|
pbkdf2sha1)
|
|
pbkdf2_param=`cut -d_ -f 4- <<<$firstline | tr '_' ' '`
|
|
_password=$(tomb-kdb-pbkdf2 ${=pbkdf2_param} 2>/dev/null <<<$_password)
|
|
;;
|
|
*)
|
|
_failure "No suitable program for KDF ::1 program::." $(cut -f 3 <<<$firstline)
|
|
unset _password
|
|
return 1
|
|
;;
|
|
esac
|
|
|
|
# key needs to be exhumed from an image
|
|
elif [ -r "$tomb_key_file" ] \
|
|
&& [[ `file "$tomb_key_file"` =~ "JP.G" ]]; then
|
|
|
|
exhume_key "$tomb_key_file" "$_password"
|
|
|
|
fi
|
|
|
|
gpg_decrypt "$_password" # saves decrypted content into $tomb_secret
|
|
|
|
ret="$?"
|
|
|
|
_verbose "get_lukskey returns ::1::" $ret
|
|
return $ret
|
|
}
|
|
|
|
# This function asks the user for the password to use the key it tests
|
|
# it against the return code of gpg on success returns 0 and saves
|
|
# the password in the global variable $tomb_password
|
|
ask_key_password() {
|
|
[[ "$tomb_key_file" = "" ]] && {
|
|
_failure "Internal error: ask_key_password() called before load_key()." }
|
|
|
|
keyname="$tomb_key_file"
|
|
_message "A password is required to use key ::1 key::" $keyname
|
|
passok=0
|
|
tombpass=""
|
|
if [[ "$1" = "" ]]; then
|
|
for c in 1 2 3; do
|
|
if [[ $c = 1 ]]; then
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname"`
|
|
else
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to use key: $keyname (retry $c)"`
|
|
fi
|
|
if [[ $? != 0 ]]; then
|
|
_warning "User aborted password dialog."
|
|
return 1
|
|
fi
|
|
|
|
get_lukskey "$tombpass"
|
|
|
|
if [ $? = 0 ]; then
|
|
passok=1; _message "Password OK."
|
|
break;
|
|
fi
|
|
done
|
|
|
|
else
|
|
# if a second argument is present then the password is already known
|
|
tombpass="$1"
|
|
_verbose "ask_key_password with tombpass: ::1 tomb pass::" $tombpass
|
|
|
|
get_lukskey "$tombpass"
|
|
|
|
if [ $? = 0 ]; then
|
|
passok=1; _message "Password OK."; fi
|
|
|
|
fi
|
|
# print the password out in case caller needs to know it
|
|
{ test "$passok" = "1" } || { return 1 }
|
|
|
|
tomb_password="$tombpass"
|
|
return 0
|
|
}
|
|
|
|
# change tomb key password
|
|
change_passwd() {
|
|
_check_swap
|
|
|
|
load_key
|
|
keyfile="$tomb_key_file"
|
|
|
|
_message "Commanded to change password for tomb key ::1 key::" $keyfile
|
|
|
|
local tmpnewkey lukskey c tombpass tombpasstmp
|
|
|
|
tmp_create
|
|
tmpnewkey=`tmp_new`
|
|
|
|
if option_is_set --tomb-old-pwd; then
|
|
tomb_old_pwd="`option_value --tomb-old-pwd`"
|
|
_verbose "tomb-old-pwd = ::1 old pass::" $tomb_old_pwd
|
|
ask_key_password "$tomb_old_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
_success "Changing password for ::1 key file::" $keyfile
|
|
|
|
# here $tomb_secret contains the key material in clear
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_new_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 new pass::" $tomb_new_pwd
|
|
gen_key "$tomb_new_pwd" >> "$tmpnewkey"
|
|
else
|
|
gen_key >> "$tmpnewkey"
|
|
fi
|
|
|
|
if ! is_valid_key "`cat $tmpnewkey`"; then
|
|
_failure "Error: the newly generated keyfile does not seem valid."
|
|
else
|
|
# copy the new key as the original keyfile name
|
|
cp -f "${tmpnewkey}" "${keyfile}"
|
|
_success "Your passphrase was successfully updated."
|
|
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
|
|
# takes care to encrypt a key
|
|
# honored options: --kdf --tomb-pwd -o
|
|
gen_key() {
|
|
# $1 the password to use, if not set then ask user
|
|
# -o is the --cipher-algo to use (string taken by GnuPG)
|
|
local algopt="`option_value -o`"
|
|
local algo="${algopt:-AES256}"
|
|
# here user is prompted for key password
|
|
tombpass=""
|
|
tombpasstmp=""
|
|
|
|
if [ "$1" = "" ]; then
|
|
while true; do
|
|
# 3 tries to write two times a matching password
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key"`
|
|
if [[ $? != 0 ]]; then
|
|
_failure "User aborted."
|
|
fi
|
|
if [ -z $tombpass ]; then
|
|
_warning "You set empty password, which is not possible."
|
|
continue
|
|
fi
|
|
tombpasstmp=$tombpass
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Type the new password to secure your key (again)"`
|
|
if [[ $? != 0 ]]; then
|
|
_failure "User aborted."
|
|
fi
|
|
if [ "$tombpasstmp" = "$tombpass" ]; then
|
|
break;
|
|
fi
|
|
unset tombpasstmp
|
|
unset tombpass
|
|
done
|
|
else
|
|
tombpass="$1"
|
|
_verbose "gen_key takes tombpass from CLI argument: ::1 tomb pass::" $tombpass
|
|
fi
|
|
|
|
header=""
|
|
{ test "$KDF" = 1 } && {
|
|
{ option_is_set --kdf } && {
|
|
# KDF is a new key strenghtening technique against brute forcing
|
|
# see: https://github.com/dyne/Tomb/issues/82
|
|
itertime="`option_value --kdf`"
|
|
# removing support of floating points because they can't be type checked well
|
|
if [[ "$itertime" != <-> ]]; then
|
|
unset tombpass
|
|
unset tombpasstmp
|
|
_failure "Wrong argument for --kdf: must be an integer number (iteration seconds)."
|
|
fi
|
|
# --kdf takes one parameter: iter time (on present machine) in seconds
|
|
local -i microseconds
|
|
microseconds=$(( itertime * 10000 ))
|
|
_success "Using KDF, iterations: ::1 microseconds::" $microseconds
|
|
_message "generating salt"
|
|
pbkdf2_salt=`tomb-kdb-pbkdf2-gensalt`
|
|
_message "calculating iterations"
|
|
pbkdf2_iter=`tomb-kdb-pbkdf2-getiter $microseconds`
|
|
_message "encoding the password"
|
|
# We use a length of 64bytes = 512bits (more than needed!?)
|
|
tombpass=`tomb-kdb-pbkdf2 $pbkdf2_salt $pbkdf2_iter 64 <<<"${tombpass}"`
|
|
|
|
header="_KDF_pbkdf2sha1_${pbkdf2_salt}_${pbkdf2_iter}_64\n"
|
|
}
|
|
}
|
|
|
|
|
|
print $header
|
|
|
|
# TODO: check result of gpg operation
|
|
cat <<EOF | gpg --openpgp --force-mdc --cipher-algo ${algo} \
|
|
--batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
|
|
-o - -c -a
|
|
${tombpass}
|
|
${tomb_secret}
|
|
EOF
|
|
# print -n "${tombpass}" \
|
|
# | gpg --openpgp --force-mdc --cipher-algo ${algo} \
|
|
# --batch --no-options --no-tty --passphrase-fd 0 --status-fd 2 \
|
|
# -o - -c -a ${lukskey}
|
|
|
|
# update global var
|
|
tomb_password="$tombpass"
|
|
unset tombpass
|
|
unset tombpasstmp
|
|
}
|
|
|
|
# prints an array of ciphers available in gnupg (to encrypt keys)
|
|
list_gnupg_ciphers() {
|
|
# prints an error if GnuPG is not found
|
|
which gpg >& - || _failure "gpg (GnuPG) is not found, Tomb cannot function without it."
|
|
|
|
ciphers=(`gpg --version | awk '
|
|
BEGIN { ciphers=0 }
|
|
/^Cipher:/ { gsub(/,/,""); sub(/^Cipher:/,""); print; ciphers=1; next }
|
|
/^Hash:/ { ciphers=0 }
|
|
{ if(ciphers==0) { next } else { gsub(/,/,""); print; } }
|
|
'`)
|
|
echo " ${ciphers}"
|
|
return 1
|
|
}
|
|
|
|
# Steganographic function to bury a key inside an image.
|
|
# Requires steghide(1) to be installed
|
|
bury_key() {
|
|
load_key
|
|
[[ $? = 0 ]] || {
|
|
_failure "Bury failed for invalid key: ::1 key::" $tomb_key_file }
|
|
|
|
imagefile=$PARAM
|
|
|
|
file $imagefile | grep -i JPEG > /dev/null
|
|
if [ $? != 0 ]; then
|
|
_warning "Encode failed: ::1 image file:: is not a jpeg image." $imagefile
|
|
return 1
|
|
fi
|
|
|
|
_success "Encoding key ::1 tomb key:: inside image ::2 image file::" $tomb_key $imagefile
|
|
_message "Please confirm the key password for the encoding"
|
|
# We ask the password and test if it is the same encoding the
|
|
# base key, to insure that the same password is used for the
|
|
# encryption and the steganography. This is a standard enforced
|
|
# by Tomb, but its not strictly necessary (and having different
|
|
# password would enhance security). Nevertheless here we prefer
|
|
# usability.
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_warning "Wrong password supplied."
|
|
_failure "You shall not bury a key whose password is unknown to you."
|
|
}
|
|
|
|
# we omit armor strings since having them as constants can give
|
|
# ground to effective attacks on steganography
|
|
print - "$tomb_key" | awk '
|
|
/^-----/ {next}
|
|
/^Version/ {next}
|
|
{print $0}' \
|
|
| steghide embed --embedfile - --coverfile ${imagefile} \
|
|
-p ${tomb_password} -z 9 -e serpent cbc
|
|
if [ $? != 0 ]; then
|
|
_warning "Encoding error: steghide reports problems."
|
|
res=1
|
|
else
|
|
_success "Tomb key encoded succesfully into image ::1 image file::" $imagefile
|
|
res=0
|
|
fi
|
|
|
|
return $res
|
|
}
|
|
|
|
# mandatory 1st arg: the image file where key is supposed to be
|
|
# optional 2nd arg: the password to use (same as key, internal use)
|
|
# optional 3rd arg: the key where to save the result (- for stdout)
|
|
exhume_key() {
|
|
|
|
imagefile="$1"
|
|
res=1
|
|
|
|
knownpass="$2"
|
|
|
|
destkey="$3"
|
|
[[ "$destkey" = "" ]] && {
|
|
destkey="`option_value -k`"
|
|
{ test "$destkey" = "" } && {
|
|
# no key output specified: fallback to stdout
|
|
destkey="-"
|
|
_message "printing exhumed key on stdout" }
|
|
}
|
|
|
|
{ test -r "$imagefile" } || {
|
|
_failure "Exhume failed, image file not found: ::1 image file::" $imagefile }
|
|
|
|
[[ `file "$imagefile"` =~ "JP.G" ]] || {
|
|
_failure "Exhume failed: ::1 image file:: is not a jpeg image." $imagefile }
|
|
|
|
# when a password is passed as argument then always print out
|
|
# the exhumed key on stdout without further checks (internal use)
|
|
{ test "$knownpass" = "" } || {
|
|
tomb_key=`steghide extract -sf "$imagefile" -p "$knownpass" -xf -`
|
|
{ test $? = 0 } || {
|
|
_failure "Wrong password or no steganographic key found" }
|
|
|
|
recover_key "$tomb_key"
|
|
return 0
|
|
}
|
|
|
|
{ test "$destkey" = "-" } || {
|
|
if [[ -s "$destkey" ]]; then
|
|
_warning "File exists: ::1 tomb key::" $destkey
|
|
{ option_is_set -f } || {
|
|
_warning "Make explicit use of --force to overwrite."
|
|
_failure "Refusing to overwrite file. Operation aborted." }
|
|
_warning "Use of --force selected: overwriting."
|
|
rm -f ${destkey}
|
|
fi
|
|
}
|
|
|
|
_message "Trying to exhume a key out of image ::1 image file::" $imagefile
|
|
if option_is_set --tomb-pwd; then
|
|
tombpass="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 tomb pass::" $tombpass
|
|
elif [[ "$tomb_password" != "" ]]; then
|
|
# password is known already
|
|
tombpass="$tomb_password"
|
|
else
|
|
tombpass=`exec_as_user ${TOMBEXEC} askpass "Insert password to exhume key from $imagefile"`
|
|
if [[ $? != 0 ]]; then
|
|
_warning "User aborted password dialog."
|
|
return 1
|
|
fi
|
|
fi
|
|
|
|
# always steghide required
|
|
steghide extract -sf ${imagefile} -p ${tombpass} -xf ${destkey}
|
|
res=$?
|
|
|
|
unset tombpass
|
|
|
|
[[ "$destkey" = "-" ]] && { destkey="stdout" }
|
|
if [ $res = 0 ]; then
|
|
_success "Key succesfully exhumed to ::1 key::." $destkey
|
|
else
|
|
_warning "Nothing found in ::1 image file::" $imagefile
|
|
fi
|
|
|
|
return $res
|
|
}
|
|
|
|
# Produces a printable image of the key contents so that it can be
|
|
# backuped on paper and hidden in books etc.
|
|
engrave_key() {
|
|
# load key from options
|
|
load_key
|
|
tombkey="$tomb_key_file"
|
|
{ test $? = 0 } || { _failure "No key specified." }
|
|
keyname=`basename $tombkey`
|
|
pngname="$keyname.qr.png"
|
|
|
|
_success "Rendering a printable QRCode for key: ::1 tomb key::" $tombkey
|
|
# we omit armor strings to save space
|
|
awk '
|
|
/^-----/ {next}
|
|
/^Version/ {next}
|
|
{print $0}' ${tombkey} | qrencode --size 4 --level H \
|
|
--casesensitive -o "$pngname"
|
|
{ test $? = 0 } || { _failure "QREncode reported an error." }
|
|
_success "Operation successful:"
|
|
ls -lh $pngname
|
|
file $pngname
|
|
}
|
|
|
|
# }}} - Key handling
|
|
|
|
# {{{ Create
|
|
|
|
# This is a new way to create tombs which dissects the whole create_tomb() into 3 clear steps:
|
|
#
|
|
# * dig a .tomb (the large file) using /dev/urandom (takes some minutes at least)
|
|
#
|
|
# * forge a .key (the small file) using /dev/random (good entropy needed)
|
|
#
|
|
# * lock the .tomb file with the key, binding the key to the tomb (requires dm_crypt format)
|
|
|
|
|
|
forge_key() {
|
|
# can be specified both as simple argument or using -k
|
|
destkey="$1"
|
|
{ option_is_set -k } && { destkey="`option_value -k`" }
|
|
|
|
{ test "$destkey" = "" } && {
|
|
_warning "A filename needs to be specified using -k to forge a new key."
|
|
return 1 }
|
|
|
|
_message "Commanded to forge key ::1 key::" $destkey
|
|
_check_swap
|
|
|
|
|
|
# make sure that gnupg doesn't quits with an error before first run
|
|
{ test -r $HOME/.gnupg/pubring.gpg } || {
|
|
mkdir $HOME/.gnupg
|
|
touch $HOME/.gnupg/pubring.gpg }
|
|
|
|
{ test -r "$destkey" } && {
|
|
_warning "Forging this key would overwrite an existing file. Operation aborted."
|
|
_failure "`ls -lh $destkey`" }
|
|
|
|
{ option_is_set -o } && { algopt="`option_value -o`" }
|
|
algo=${algopt:-AES256}
|
|
|
|
_message "Commanded to forge key ::1 key:: with cipher algorithm ::2 algorithm::" $destkey $algo
|
|
|
|
tomb_key_file="$destkey"
|
|
|
|
_message "This operation takes time, keep using this computer on other tasks,"
|
|
_message "once done you will be asked to choose a password for your tomb."
|
|
_message "To make it faster you can move the mouse around."
|
|
_message "If you are on a server, you can use an Entropy Generation Daemon."
|
|
|
|
local random_source=/dev/random
|
|
if option_is_set --use-urandom; then
|
|
random_source=/dev/urandom
|
|
fi
|
|
|
|
_verbose "Data dump using ::1:: from ::2 source::" ${DD[1]} $random_source
|
|
tomb_secret=`${=DD} bs=1 count=256 if=$random_source`
|
|
{ test $? = 0 } || {
|
|
_warning "Cannot generate encryption key."
|
|
_failure "Operation aborted." }
|
|
|
|
# here the global var tomb_secret contains the nude secret
|
|
|
|
_success "Choose the password of your key: ::1 tomb key::" $tomb_key_file
|
|
_message "(You can also change it later using 'tomb passwd'.)"
|
|
touch ${tomb_key_file}
|
|
chown ${_uid}:${_gid} ${tomb_key_file}
|
|
chmod 0600 ${tomb_key_file}
|
|
|
|
tombname="$tomb_key_file"
|
|
# the gen_key() function takes care of the new key's encryption
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_new_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 new pass::" $tomb_new_pwd
|
|
gen_key "$tomb_new_pwd" >> "$tomb_key_file"
|
|
else
|
|
gen_key >> "$tomb_key_file"
|
|
fi
|
|
|
|
# load the key contents
|
|
tomb_key=`cat "$tomb_key_file"`
|
|
|
|
# this does a check on the file header
|
|
is_valid_key "${tomb_key}" || {
|
|
_warning "The key does not seem to be valid."
|
|
_warning "Dumping contents to screen:"
|
|
cat ${tombkey}
|
|
_warning "--"
|
|
umount ${keytmp}
|
|
rm -r $keytmp
|
|
_failure "Operation aborted."
|
|
}
|
|
|
|
_message "Done forging ::1 key::" $tomb_key_file
|
|
_success "Your key is ready:"
|
|
ls -lh ${tomb_key_file}
|
|
}
|
|
|
|
# Dig a tomb, means that it will create an empty file to be formatted
|
|
# as a loopback filesystem. Initially the file is filled with random data
|
|
# taken from /dev/urandom which improves the tomb's overall security
|
|
dig_tomb() {
|
|
_message "Commanded to dig tomb ::1 tomb name::" $1
|
|
if [ "$1" = "" ]; then
|
|
_warning "No tomb name specified for creation."
|
|
return 1
|
|
fi
|
|
|
|
_check_swap
|
|
|
|
tombfile=`basename $1`
|
|
tombdir=`dirname $1`
|
|
# make sure the file has a .tomb extension
|
|
tombname=${tombfile%%\.*}
|
|
tombfile=${tombname}.tomb
|
|
|
|
# require the specification of the size of the tomb (-s) in MB
|
|
tombsize="`option_value -s`"
|
|
|
|
[ $tombsize ] || _failure "Size argument missing, use -s"
|
|
|
|
[[ $tombsize != <-> ]] && _failure "Size argument is not an integer."
|
|
|
|
[[ $tombsize -lt 10 ]] && _failure "Tombs can't be smaller than 10 megabytes."
|
|
|
|
if [ -e ${tombdir}/${tombfile} ]; then
|
|
_warning "A tomb exists already. I'm not digging here:"
|
|
_warning " `ls -lh ${tombdir}/${tombfile}`"
|
|
return 1
|
|
fi
|
|
|
|
_success "Creating a new tomb in ::1 tomb dir::/::2 tomb file::" $tombdir $tombfile
|
|
|
|
_message "Generating ::1 tomb file:: of ::2 size::MiB" $tombfile $tombsize
|
|
# we will first touch the file and set permissions: this way, even if interrupted, permissions are right
|
|
touch ${tombdir}/${tombfile}
|
|
chmod 0600 "${tombdir}/${tombfile}"
|
|
chown $_uid:$_gid "${tombdir}/${tombfile}"
|
|
|
|
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
|
|
|
|
${=DD} if=/dev/urandom bs=1048576 count=${tombsize} of=${tombdir}/${tombfile}
|
|
|
|
if [ $? = 0 -a -e ${tombdir}/${tombfile} ]; then
|
|
_message " `ls -lh ${tombdir}/${tombfile}`"
|
|
else
|
|
_failure "Error creating the tomb ::1 tomb dir::/::2 tomb file::, operation aborted." $tombdir $tombfile
|
|
fi
|
|
|
|
_success "Done digging ::1 tomb name::" $tombname
|
|
_message "Your tomb is not yet ready, you need to forge a key and lock it:"
|
|
_message "tomb forge ::1 tomb name::.tomb.key" $tombname
|
|
_message "tomb lock ::1 tomb name::.tomb -k ::1 tomb name::.tomb.key" $tombname
|
|
}
|
|
|
|
|
|
# this function locks a tomb with a key file
|
|
# in fact LUKS formatting the loopback volume
|
|
# it take arguments as the LUKS cipher to be used
|
|
lock_tomb_with_key() {
|
|
if ! [ $1 ]; then
|
|
_warning "No tomb specified for locking."
|
|
_warning "Usage: tomb lock file.tomb file.tomb.key"
|
|
return 1
|
|
fi
|
|
|
|
tombpath="$1"
|
|
tombdir=`dirname "$tombpath"`
|
|
tombfile=`basename "$tombpath"`
|
|
tombname="${tombfile%%\.*}"
|
|
|
|
_message "Commanded to lock tomb ::1 tomb file::" $tombfile
|
|
|
|
{ test -f ${tombdir}/${tombfile} } || {
|
|
_failure "There is no tomb here. You have to it dig first."
|
|
return 1 }
|
|
|
|
_verbose "Tomb found: ::1 tomb dir::/::2 tomb file::" $tombdir $tombfile
|
|
|
|
lo_mount "${tombdir}/${tombfile}"
|
|
nstloop=`lo_new`
|
|
|
|
_verbose "Loop mounted on ::1 mount point::" $nstloop
|
|
|
|
_message "Checking if the tomb is empty (we never step on somebody else's bones)."
|
|
cryptsetup isLuks ${nstloop}
|
|
if [ $? = 0 ]; then
|
|
# is it a LUKS encrypted nest? then bail out and avoid reformatting it
|
|
_warning "The tomb was already locked with another key."
|
|
_failure "Operation aborted. I cannot lock an already locked tomb. Go dig a new one."
|
|
else
|
|
_message "Fine, this tomb seems empty."
|
|
fi
|
|
|
|
# load key from options or file
|
|
load_key
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading key." }
|
|
# make sure to call drop_key later
|
|
|
|
# the encryption cipher for a tomb can be set when locking using -o
|
|
if option_is_set -o; then
|
|
cipher="`option_value -o`"
|
|
else
|
|
cipher="aes-xts-plain64:sha256"
|
|
# old default was aes-cbc-essiv:sha256
|
|
# for more alternatives refer to cryptsetup(8)
|
|
fi
|
|
_message "Locking using cipher: ::1 cipher::" $cipher
|
|
|
|
# get the pass from the user and check it
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
_success "Locking ::1 tomb file:: with ::2 tomb key::" $tombfile $tomb_key
|
|
|
|
_message "Formatting Luks mapped device."
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - --batch-mode \
|
|
--cipher ${cipher} --key-size 256 --key-slot 0 \
|
|
luksFormat ${nstloop}
|
|
if ! [ $? = 0 ]; then
|
|
_warning "cryptsetup luksFormat returned an error."
|
|
_failure "Operation aborted."
|
|
fi
|
|
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - \
|
|
--cipher ${cipher} luksOpen ${nstloop} tomb.tmp
|
|
if ! [ $? = 0 ]; then
|
|
_warning "cryptsetup luksOpen returned an error."
|
|
_failure "Operation aborted."
|
|
fi
|
|
|
|
_message "Formatting your Tomb with Ext3/Ext4 filesystem."
|
|
${=MKFS} ${tombname} /dev/mapper/tomb.tmp
|
|
|
|
if [ $? != 0 ]; then
|
|
_warning "Tomb format returned an error."
|
|
_warning "Your tomb ::1 tomb file:: may be corrupted." $tombfile
|
|
fi
|
|
|
|
# sync
|
|
|
|
cryptsetup luksClose tomb.tmp
|
|
|
|
_message "Done locking ::1 tomb name:: using Luks dm-crypt ::2 cipher::" $tombname $cipher
|
|
_success "Your tomb is ready in ::1 tomb dir::/::2 tomb file:: and secured with key ::3 tomb key::" $tombdir $tombfile $tomb_key
|
|
|
|
}
|
|
|
|
# This function changes the key that locks a tomb
|
|
change_tomb_key() {
|
|
_message "Commanded to reset key for tomb ::1 tomb name::" $2
|
|
|
|
_check_swap
|
|
|
|
[[ "$2" = "" ]] && {
|
|
_warning "Command 'setkey' needs two arguments: the old key file and the tomb."
|
|
_warning "I.e: tomb -k new.tomb.key old.tomb.key secret.tomb"
|
|
_failure "Execution aborted."
|
|
}
|
|
|
|
lo_mount "$2"
|
|
nstloop=`lo_new`
|
|
cryptsetup isLuks ${nstloop}
|
|
# is it a LUKS encrypted nest? we check one more time
|
|
{ test $? = 0 } || {
|
|
_failure "Not a valid LUKS encrypted volume: ::1 volume::" $2 }
|
|
|
|
|
|
load_key "$1"
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading old key from arguments" }
|
|
old_key="$tomb_key"
|
|
old_key_file="$tomb_key_file"
|
|
|
|
# we have everything, prepare to mount
|
|
_success "Changing lock on tomb ::1 tomb name::" $tombname
|
|
_message "Old key: ::1 old key::" $old_key
|
|
|
|
# render the mapper
|
|
mapdate=`date +%s`
|
|
# save date of mount in minutes since 1970
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
|
|
|
# load the old key
|
|
if option_is_set --tomb-old-pwd; then
|
|
tomb_old_pwd="`option_value --tomb-old-pwd`"
|
|
_verbose "tomb-old-pwd = ::1 old pass::" $tomb_old_pwd
|
|
ask_key_password "$tomb_old_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied for the old key." }
|
|
old_secret="$tomb_secret"
|
|
|
|
# luksOpen the tomb (not really mounting, just on the loopback)
|
|
print -n - "$old_secret" | \
|
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
|
{ test $? = 0 } || {
|
|
_failure "Unexpected error in luksOpen." }
|
|
|
|
load_key
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading new key from -k" }
|
|
new_key="$tomb_key"
|
|
new_key_file="$tomb_key_file"
|
|
_message "New key: ::1 key::" $new_key_file
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_new_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_new_pwd
|
|
ask_key_password "$tomb_new_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied for the new key." }
|
|
new_secret="$tomb_secret"
|
|
|
|
# danger zone: due to cryptsetup limitations, in setkey we need
|
|
# to write the bare unencrypted key on the tmpfs.
|
|
tmp_create
|
|
new_secret_file=`tmp_new`
|
|
print -n - "$new_secret" >> $new_secret_file
|
|
print -n - "$old_secret"| \
|
|
cryptsetup --key-file - luksChangeKey "$nstloop" "$new_secret_file"
|
|
{ test $? = 0 } || {
|
|
_failure "Unexpected error in luksChangeKey." }
|
|
|
|
unset old_key
|
|
|
|
cryptsetup luksClose "${mapper}"
|
|
{ test $? = 0 } || {
|
|
_failure "Unexpected error in luksClose." }
|
|
|
|
_success "Succesfully changed key for tomb: ::1 tomb file::" $2
|
|
_message "The new key is: ::1 new key::" $new_key
|
|
|
|
unset new_key
|
|
|
|
return 0
|
|
}
|
|
|
|
# backward compatibility
|
|
create_tomb() {
|
|
_verbose "create_tomb(): ::1:: ::2::" ${=@} ${=OLDARGS}
|
|
[[ "$1" = "" ]] && {
|
|
_warning "No tomb name specified for creation."
|
|
return 1 }
|
|
|
|
{ test -s "$1" } && {
|
|
_warning "Creating this tomb would overwrite an existing file."
|
|
ls -lh "$1"
|
|
_failure " Operation aborted." }
|
|
|
|
tombfile=`basename $1`
|
|
tombdir=`dirname $1`
|
|
# make sure the file has a .tomb extension
|
|
tombname=${tombfile%%\.*}
|
|
tombfile=${tombname}.tomb
|
|
|
|
${TOMBEXEC} dig ${=PARAM}
|
|
${TOMBEXEC} forge ${tombdir}/${tombfile}.key
|
|
{ test $? = 0 } || { _failure "Failed to forge key, operation aborted." }
|
|
|
|
${TOMBEXEC} lock ${tombdir}/${tombfile} -k ${tombdir}/${tombfile}.key
|
|
{ test $? = 0 } || { _failure "Failed to lock tomb with key, operation aborted." }
|
|
|
|
_success "Tomb ::1 tomb name:: succesfully created." $tombname
|
|
ls -l ${tombfile}*
|
|
}
|
|
|
|
# }}} - Creation
|
|
|
|
# {{{ Open
|
|
|
|
# $1 = tombfile $2(optional) = mountpoint
|
|
mount_tomb() {
|
|
_message "Commanded to open tomb ::1 tomb name::" $1
|
|
if [ "$1" = "" ]; then
|
|
_warning "No tomb name specified for opening."
|
|
return 1
|
|
fi
|
|
|
|
_check_swap
|
|
|
|
# set up variables to be used
|
|
# the full path is made with $tombdir/$tombfile
|
|
|
|
tombfile=`basename ${1}`
|
|
tombdir=`dirname ${1}`
|
|
# check file type (if its a Luks fs)
|
|
file ${tombdir}/${tombfile} | \
|
|
grep -i 'luks encrypted file' 2>&1 > /dev/null
|
|
if [ $? != 0 ]; then
|
|
_warning "::1 tomb file:: is not a valid tomb file, operation aborted." $1
|
|
return 1
|
|
fi
|
|
tombname=${tombfile%%\.*}
|
|
_verbose "Tomb found: ::1 tomb dir::/::2 tomb file::" $tombdir $tombfile
|
|
|
|
# load_key called here
|
|
load_key
|
|
########
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "Aborting operations: error loading key ::1 key::" $tombkey }
|
|
|
|
if [ "$2" = "" ]; then
|
|
tombmount=/media/${tombfile}
|
|
_message "Mountpoint not specified, using default: ::1 mount point::" $tombmount
|
|
else
|
|
tombmount=$2
|
|
fi
|
|
|
|
# check if its already open
|
|
mount -l | grep "${tombfile}.*\[$tombname\]$" 2>&1 > /dev/null
|
|
if [ $? = 0 ]; then
|
|
_warning "::1 tomb name:: is already open." $tombname
|
|
_message "Here below its status is reported:"
|
|
list_tombs ${tombname}
|
|
return 0
|
|
fi
|
|
|
|
_success "Opening ::1 tomb file:: on ::2 mount point::" $tombfile $tombmount
|
|
|
|
lo_mount "${tombdir}/${tombfile}"
|
|
nstloop=`lo_new`
|
|
|
|
cryptsetup isLuks ${nstloop}
|
|
if [ $? != 0 ]; then
|
|
# is it a LUKS encrypted nest? see cryptsetup(1)
|
|
_warning "::1 tomb file:: is not a valid Luks encrypted storage file." $tombfile
|
|
return 1
|
|
fi
|
|
_message "This tomb is a valid LUKS encrypted device."
|
|
|
|
luksdump="`cryptsetup luksDump ${nstloop}`"
|
|
tombdump=(`print $luksdump | awk '
|
|
/^Cipher name/ {print $3}
|
|
/^Cipher mode/ {print $3}
|
|
/^Hash spec/ {print $3}'`)
|
|
_message "Cipher is \"::1 cipher::\" mode \"::2 mode::\" hash \"::3 hash::\"" $tombdump[1] $tombdump[2] $tombdump[3]
|
|
|
|
slotwarn=`print $luksdump | awk '
|
|
BEGIN { zero=0 }
|
|
/^Key slot 0/ { zero=1 }
|
|
/^Key slot.*ENABLED/ { if(zero==1) print "WARN" }'`
|
|
{ test "$slotwarn" = "WARN" } && {
|
|
_warning "Multiple key slots are enabled on this tomb. Beware: there can be a backdoor." }
|
|
|
|
# save date of mount in minutes since 1970
|
|
mapdate=`date +%s`
|
|
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
|
_verbose "dev mapper device: ::1 mapper::" $mapper
|
|
_verbose "Tomb key: ::1 key::" $tomb_key
|
|
|
|
# take the name only, strip extensions
|
|
_verbose "Tomb name: ::1 tomb name:: (to be engraved)" $tombname
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
|
|
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
|
_failure "Failure mounting the encrypted file."
|
|
fi
|
|
|
|
# preserve the loopdev after exit
|
|
lo_preserve "$nstloop"
|
|
|
|
# array: [ cipher, keysize, loopdevice ]
|
|
tombstat=(`cryptsetup status ${mapper} | awk '
|
|
/cipher:/ {print $2}
|
|
/keysize:/ {print $2}
|
|
/device:/ {print $2}'`)
|
|
_success "Success unlocking tomb ::1 tomb name::" $tombname
|
|
_verbose "Key size is ::1 size:: for cipher ::2 cipher::" $tombstat[2] $tombstat[1]
|
|
|
|
_message "Checking filesystem via ::1::" $tombstat[3]
|
|
fsck -p -C0 /dev/mapper/${mapper}
|
|
_verbose "Tomb engraved as ::1 tomb name::" $tombname
|
|
tune2fs -L ${tombname} /dev/mapper/${mapper} > /dev/null
|
|
|
|
# we need root from here on
|
|
mkdir -p $tombmount
|
|
|
|
mount -o $MOUNTOPTS /dev/mapper/${mapper} ${tombmount}
|
|
|
|
chown ${_uid}:${_gid} ${tombmount}
|
|
chmod 0711 ${tombmount}
|
|
|
|
_success "Success opening ::1 tomb file:: on ::2 mount point::" $tombfile $tombmount
|
|
|
|
# print out when was opened the last time, by whom and where
|
|
{ test -r ${tombmount}/.last } && {
|
|
tombtty="`cat ${tombmount}/.tty`"
|
|
tombhost="`cat ${tombmount}/.host`"
|
|
tombuid="`cat ${tombmount}/.uid`"
|
|
tomblast="`cat ${tombmount}/.last`"
|
|
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
|
|
_message "Last visit by ::1 user::(::2 tomb build::) from ::3 tty:: on ::4 host::" $tombuser $tombuid $tombtty $tombhost
|
|
_message "on date ::1 date::" $(date --date @$tomblast +%c)
|
|
}
|
|
# write down the UID and TTY that opened the tomb
|
|
rm -f ${tombmount}/.uid
|
|
echo ${_uid} > ${tombmount}/.uid
|
|
rm -f ${tombmount}/.tty
|
|
echo ${_tty} > ${tombmount}/.tty
|
|
# also the hostname
|
|
rm -f ${tombmount}/.host
|
|
echo `hostname` > ${tombmount}/.host
|
|
# and the "last time opened" information
|
|
# in minutes since 1970, this is printed at next open
|
|
rm -f ${tombmount}/.last
|
|
echo "`date +%s`" > ${tombmount}/.last
|
|
# human readable: date --date=@"`cat .last`" +%c
|
|
|
|
|
|
# process bind-hooks (mount -o bind of directories)
|
|
# and post-hooks (execute on open)
|
|
if ! option_is_set -n ; then
|
|
exec_safe_bind_hooks ${tombmount}
|
|
exec_safe_post_hooks ${tombmount} open
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
# ## Hooks execution
|
|
exec_safe_bind_hooks() {
|
|
if [[ -n ${(k)opts[-o]} ]]; then
|
|
MOUNTOPTS=${opts[-o]}
|
|
fi
|
|
local MOUNTPOINT="${1}"
|
|
local ME=${SUDO_USER:-$(whoami)}
|
|
local HOME=$(awk -v a="$ME" -F ':' '{if ($1 == a) print $6}' /etc/passwd 2>/dev/null)
|
|
if [ $? -ne 0 ]; then
|
|
_warning "How pitiful! A tomb, and no HOME."
|
|
return 1
|
|
fi
|
|
if [ -z "$MOUNTPOINT" -o ! -d "$MOUNTPOINT" ]; then
|
|
_warning "Cannot exec bind hooks without a mounted tomb."
|
|
return 1
|
|
fi
|
|
if ! [ -r "$MOUNTPOINT/bind-hooks" ]; then
|
|
_verbose "bind-hooks not found in ::1 mount point::" $MOUNTPOINT
|
|
return 1
|
|
fi
|
|
typeset -al mounted
|
|
typeset -Al maps
|
|
maps=($(<"$MOUNTPOINT/bind-hooks"))
|
|
for dir in ${(k)maps}; do
|
|
if [ "${dir[1]}" = "/" -o "${dir[1,2]}" = ".." ]; then
|
|
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME"
|
|
continue
|
|
fi
|
|
if [ "${${maps[$dir]}[1]}" = "/" -o "${${maps[$dir]}[1,2]}" = ".." ]; then
|
|
_warning "bind-hooks map format: local/to/tomb local/to/\$HOME. Rolling back"
|
|
for dir in ${mounted}; do umount $dir; done
|
|
return 1
|
|
fi
|
|
if [ ! -r "$HOME/${maps[$dir]}" ]; then
|
|
_warning "bind-hook target not existent, skipping ::1 home::/::2 subdir::" $HOME ${maps[$dir]}
|
|
elif [ ! -r "$MOUNTPOINT/$dir" ]; then
|
|
_warning "bind-hook source not found in tomb, skipping ::1 mount point::/::2 subdir::" $MOUNTPOINT $dir
|
|
else
|
|
mount -o bind,$MOUNTOPTS $MOUNTPOINT/$dir $HOME/${maps[$dir]}
|
|
mounted+=("$HOME/${maps[$dir]}")
|
|
fi
|
|
done
|
|
}
|
|
|
|
# Post mount hooks
|
|
exec_safe_post_hooks() {
|
|
local mnt=$1 # first argument is where the tomb is mounted
|
|
local ME=${SUDO_USER:-$(whoami)}
|
|
if ! [ -x ${mnt}/post-hooks ]; then return; fi
|
|
# if 'post-hooks' is found inside the tomb, check it: if it is an
|
|
# executable, launch it as a user this might need a dialog for
|
|
# security on what is being run, however we expect you know well
|
|
# what is inside your tomb. this feature opens the possibility to
|
|
# make encrypted executables.
|
|
cat ${mnt}/post-hooks | head -n1 | grep '^#!/'
|
|
if [ $? = 0 ]; then
|
|
_success "Post hooks found, executing as user ::1 user name::." $SUDO_USER
|
|
exec_as_user ${mnt}/post-hooks "$2" "$1"
|
|
fi
|
|
}
|
|
|
|
# }}} - Tomb open
|
|
|
|
# {{{ List
|
|
|
|
# list all tombs mounted in a readable format
|
|
# $1 is optional, to specify a tomb
|
|
list_tombs() {
|
|
|
|
# list all open tombs
|
|
mounted_tombs=(`list_tomb_mounts $1`)
|
|
{ test ${#mounted_tombs} = 0 } && {
|
|
_failure "I can't see any ::1 status:: tomb, may they all rest in peace." ${1:-open} }
|
|
|
|
for t in ${mounted_tombs}; do
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
tombfs=${t[(ws:;:)3]}
|
|
tombfsopts=${t[(ws:;:)4]}
|
|
tombloop=${mapper[(ws:.:)4]}
|
|
|
|
# calculate tomb size
|
|
ts=`df -hP /dev/mapper/$mapper |
|
|
awk "/mapper/"' { print $2 ";" $3 ";" $4 ";" $5 }'`
|
|
tombtot=${ts[(ws:;:)1]}
|
|
tombused=${ts[(ws:;:)2]}
|
|
tombavail=${ts[(ws:;:)3]}
|
|
tombpercent=${ts[(ws:;:)4]}
|
|
tombp=${tombpercent%%%}
|
|
tombsince=`date --date=@${mapper[(ws:.:)3]} +%c`
|
|
|
|
# find out who opens it from where
|
|
{ test -r ${tombmount}/.tty } && {
|
|
tombtty="`cat ${tombmount}/.tty`"
|
|
tombhost="`cat ${tombmount}/.host`"
|
|
tombuid="`cat ${tombmount}/.uid`"
|
|
tombuser=`awk -F: '/:'"$tombuid"':/ {print $1}' /etc/passwd`
|
|
}
|
|
|
|
if option_is_set --get-mountpoint; then
|
|
echo $tombmount
|
|
continue
|
|
fi
|
|
# breaking up such strings is good for translation
|
|
print -n "$fg[green]$tombname"
|
|
print -n "$fg[white] open on "
|
|
print -n "$fg_bold[white]$tombmount"
|
|
print -n "$fg_no_bold[white] using "
|
|
print "$fg_bold[white]$tombfs $tombfsopts"
|
|
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg_no_bold[white] open since "
|
|
print "$fg_bold[white]$tombsince$fg_no_bold[white]"
|
|
|
|
{ test "$tombtty" = "" } || {
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg_no_bold[white] open by "
|
|
print -n "$fg_bold[white]$tombuser"
|
|
print -n "$fg_no_bold[white] from "
|
|
print -n "$fg_bold[white]$tombtty"
|
|
print -n "$fg_no_bold[white] on "
|
|
print "$fg_bold[white]$tombhost"
|
|
}
|
|
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg[white] size "
|
|
print -n "$fg_bold[white]$tombtot"
|
|
print -n "$fg_no_bold[white] of which "
|
|
print -n "$fg_bold[white]$tombused"
|
|
print -n "$fg_no_bold[white] used: "
|
|
print -n "$fg_bold[white]$tombavail"
|
|
print -n "$fg_no_bold[white] free ("
|
|
print -n "$fg_bold[white]$tombpercent"
|
|
print "$fg_no_bold[white] full)"
|
|
|
|
if [[ ${tombp} -ge 90 ]]; then
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print "$fg_bold[red] Your tomb is almost full!"
|
|
fi
|
|
|
|
# now check hooks
|
|
mounted_hooks=(`list_tomb_binds $tombname`)
|
|
for h in ${mounted_hooks}; do
|
|
print -n "$fg_no_bold[green]$tombname"
|
|
print -n "$fg_no_bold[white] hooks "
|
|
# print -n "$fg_bold[white]`basename ${h[(ws:;:)1]}`"
|
|
# print -n "$fg_no_bold[white] on "
|
|
print "$fg_bold[white]${h[(ws:;:)2]}$fg_no_bold[white]"
|
|
done
|
|
done
|
|
}
|
|
|
|
|
|
# print out an array of mounted tombs (internal use)
|
|
# format is semi-colon separated list of attributes
|
|
# if 1st arg is supplied, then list only that tomb
|
|
#
|
|
# String positions in the semicolon separated array:
|
|
#
|
|
# 1. full mapper path
|
|
#
|
|
# 2. mountpoint
|
|
#
|
|
# 3. filesystem type
|
|
#
|
|
# 4. mount options
|
|
#
|
|
# 5. tomb name
|
|
list_tomb_mounts() {
|
|
if [ "$1" = "" ]; then
|
|
# list all open tombs
|
|
mount -l \
|
|
| awk '
|
|
BEGIN { main="" }
|
|
/^\/dev\/mapper\/tomb/ {
|
|
if(main==$1) next;
|
|
print $1 ";" $3 ";" $5 ";" $6 ";" $7
|
|
main=$1
|
|
}
|
|
'
|
|
else
|
|
# list a specific tomb
|
|
mount -l \
|
|
| awk -vtomb="[$1]" '
|
|
BEGIN { main="" }
|
|
/^\/dev\/mapper\/tomb/ {
|
|
if($7!=tomb) next;
|
|
if(main==$1) next;
|
|
print $1 ";" $3 ";" $5 ";" $6 ";" $7
|
|
main=$1
|
|
}
|
|
'
|
|
fi
|
|
}
|
|
|
|
# list_tomb_binds
|
|
# print out an array of mounted bind hooks (internal use)
|
|
# format is semi-colon separated list of attributes
|
|
# needs an argument: name of tomb whose hooks belong
|
|
list_tomb_binds() {
|
|
if [ "$1" = "" ]; then
|
|
_failure "Internal error: list_tomb_binds called without argument."; fi
|
|
|
|
# list bind hooks on util-linux 2.20 (Debian 7)
|
|
mount -l \
|
|
| awk -vtomb="$1" '
|
|
BEGIN { main="" }
|
|
/^\/dev\/mapper\/tomb/ {
|
|
if($7!=tomb) next;
|
|
if(main=="") { main=$1; next; }
|
|
if(main==$1)
|
|
print $1 ";" $3 ";" $5 ";" $6 ";" $7
|
|
}
|
|
'
|
|
|
|
# list bind hooks on util-linux 2.17 (Debian 6)
|
|
tombmount=`mount -l \
|
|
| awk -vtomb="$1" '
|
|
/^\/dev\/mapper\/tomb/ { if($7!=tomb) next; print $3; exit; }'`
|
|
|
|
mount -l | grep "^$tombmount" \
|
|
| awk -vtomb="$1" '
|
|
/bind/ { print $1 ";" $3 ";" $5 ";" $6 ";" $7 }'
|
|
}
|
|
|
|
# }}} - Tomb list
|
|
|
|
# {{{ Index and search
|
|
|
|
# index files in all tombs for search
|
|
# $1 is optional, to specify a tomb
|
|
index_tombs() {
|
|
{ command -v updatedb >& - } || {
|
|
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
|
|
|
|
updatedbver=`updatedb --version | grep '^updatedb'`
|
|
[[ "$updatedbver" =~ "GNU findutils" ]] && {
|
|
_warning "Cannot use GNU findutils for index/search commands." }
|
|
[[ "$updatedbver" =~ "mlocate" ]] || {
|
|
_failure "Index command needs 'mlocate' to be installed." }
|
|
|
|
_verbose "$updatedbver"
|
|
|
|
mounted_tombs=(`list_tomb_mounts $1`)
|
|
{ test ${#mounted_tombs} = 0 } && {
|
|
if [ $1 ]; then _failure "There seems to be no open tomb engraved as [::1::]" $1
|
|
else _failure "I can't see any open tomb, may they all rest in peace."
|
|
fi
|
|
}
|
|
|
|
|
|
_success "Creating and updating search indexes."
|
|
|
|
# start the LibreOffice document converter if installed
|
|
{ command -v unoconv >& - } && {
|
|
unoconv -l 2>/dev/null &
|
|
_verbose "unoconv listener launched."
|
|
sleep 1 }
|
|
|
|
for t in ${mounted_tombs}; do
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
{ test -r ${tombmount}/.noindex } && {
|
|
_message "Skipping ::1 tomb name:: (.noindex found)." $tombname
|
|
continue }
|
|
_message "Indexing ::1 tomb name:: filenames..." $tombname
|
|
updatedb -l 0 -o ${tombmount}/.updatedb -U ${tombmount}
|
|
|
|
# here we use swish to index file contents
|
|
{ test $SWISH = 1 } && {
|
|
_message "Indexing ::1 tomb name:: contents..." $tombname
|
|
tmp_create
|
|
swishrc=`tmp_new`
|
|
|
|
cat <<EOF > $swishrc
|
|
# index directives
|
|
DefaultContents TXT*
|
|
IndexDir $tombmount
|
|
IndexFile $tombmount/.swish
|
|
# exclude images
|
|
FileRules filename regex /\.jp.?g/i
|
|
FileRules filename regex /\.png/i
|
|
FileRules filename regex /\.gif/i
|
|
FileRules filename regex /\.tiff/i
|
|
FileRules filename regex /\.svg/i
|
|
FileRules filename regex /\.xcf/i
|
|
FileRules filename regex /\.eps/i
|
|
FileRules filename regex /\.ttf/i
|
|
# exclude audio
|
|
FileRules filename regex /\.mp3/i
|
|
FileRules filename regex /\.ogg/i
|
|
FileRules filename regex /\.wav/i
|
|
FileRules filename regex /\.mod/i
|
|
FileRules filename regex /\.xm/i
|
|
# exclude video
|
|
FileRules filename regex /\.mp4/i
|
|
FileRules filename regex /\.avi/i
|
|
FileRules filename regex /\.ogv/i
|
|
FileRules filename regex /\.ogm/i
|
|
FileRules filename regex /\.mkv/i
|
|
FileRules filename regex /\.mov/i
|
|
# exclude system
|
|
FileRules filename is ok
|
|
FileRules filename is lock
|
|
FileRules filename is control
|
|
FileRules filename is status
|
|
FileRules filename is proc
|
|
FileRules filename is sys
|
|
FileRules filename is supervise
|
|
FileRules filename regex /\.asc$/i
|
|
FileRules filename regex /\.gpg$/i
|
|
|
|
# pdf and postscript
|
|
FileFilter .pdf pdftotext "'%p' -"
|
|
FileFilter .ps ps2txt "'%p' -"
|
|
# compressed files
|
|
FileFilterMatch lesspipe "%p" /\.tgz$/i
|
|
FileFilterMatch lesspipe "%p" /\.zip$/i
|
|
FileFilterMatch lesspipe "%p" /\.gz$/i
|
|
FileFilterMatch lesspipe "%p" /\.bz2$/i
|
|
FileFilterMatch lesspipe "%p" /\.Z$/
|
|
# spreadsheets
|
|
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xls.*/i
|
|
FileFilterMatch unoconv "-d spreadsheet -f csv --stdout %P" /\.xlt.*/i
|
|
FileFilter .ods unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .ots unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .dbf unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .dif unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .uos unoconv "-d spreadsheet -f csv --stdout %P"
|
|
FileFilter .sxc unoconv "-d spreadsheet -f csv --stdout %P"
|
|
# word documents
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.doc.*/i
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.odt.*/i
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.rtf.*/i
|
|
FileFilterMatch unoconv "-d document -f txt --stdout %P" /\.tex$/i
|
|
# native html support
|
|
IndexContents HTML* .htm .html .shtml
|
|
IndexContents XML* .xml
|
|
EOF
|
|
|
|
_verbose "Using swish-e to create index."
|
|
swish-e -c $swishrc -S fs -v3
|
|
rm -f $swishrc
|
|
}
|
|
|
|
_message "Search index updated."
|
|
done
|
|
}
|
|
search_tombs() {
|
|
{ command -v locate >& - } || {
|
|
_failure "Cannot index tombs on this system: updatedb (mlocate) not installed." }
|
|
|
|
updatedbver=`updatedb --version | grep '^updatedb'`
|
|
[[ "$updatedbver" =~ "GNU findutils" ]] && {
|
|
_warning "Cannot use GNU findutils for index/search commands." }
|
|
[[ "$updatedbver" =~ "mlocate" ]] || {
|
|
_failure "Index command needs 'mlocate' to be installed." }
|
|
|
|
_verbose "$updatedbver"
|
|
|
|
# list all open tombs
|
|
mounted_tombs=(`list_tomb_mounts`)
|
|
if [ ${#mounted_tombs} = 0 ]; then
|
|
_failure "I can't see any open tomb, may they all rest in peace."; fi
|
|
|
|
_success "Searching for: ::1::" ${(f)@}
|
|
for t in ${mounted_tombs}; do
|
|
_verbose "Checking for index: ::1::" ${t}
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
if [ -r ${tombmount}/.updatedb ]; then
|
|
|
|
# use mlocate to search hits on filenames
|
|
_message "Searching filenames in tomb ::1 tomb name::" $tombname
|
|
locate -d ${tombmount}/.updatedb -e -i "${(f)@}"
|
|
_message "Matches found: ::1 matches::" $(locate -d ${tombmount}/.updatedb -e -i -c ${(f)@})
|
|
|
|
# use swish-e to search over contents
|
|
{ test $SWISH = 1 } && { test -r $tombmount/.swish } && {
|
|
_message "Searching contents in tomb ::1 tomb name::" $tombname
|
|
swish-search -w ${=@} -f $tombmount/.swish -H0 }
|
|
|
|
else
|
|
_warning "Skipping tomb ::1 tomb name::: not indexed." $tombname
|
|
_warning "Run 'tomb index' to create indexes."
|
|
fi
|
|
done
|
|
_message "Search completed."
|
|
}
|
|
|
|
# }}} - Index and search
|
|
|
|
# {{{ Resize
|
|
|
|
# resize tomb file size
|
|
resize_tomb() {
|
|
_message "Commanded to resize tomb ::1 tomb name:: to ::2 size:: megabytes." $1 $opts[-s]
|
|
if ! [ $1 ]; then
|
|
_failure "No tomb name specified for resizing."
|
|
elif ! [ -r "$1" ]; then
|
|
_failure "Cannot find ::1::" $1
|
|
fi
|
|
# $1 is the tomb file path
|
|
|
|
newtombsize="`option_value -s`"
|
|
{ test "$newtombsize" = "" } && {
|
|
_failure "Aborting operations: new size was not specified, use -s" }
|
|
|
|
|
|
tombdir=`dirname $1`
|
|
tombfile=`basename $1`
|
|
tombname=${tombfile%%\.*}
|
|
|
|
# load key from options or file
|
|
load_key
|
|
########
|
|
|
|
local oldtombsize=$(( `stat -c %s "$1" 2>/dev/null` / 1048576 ))
|
|
local mounted_tomb=`mount -l |
|
|
awk -vtomb="[$tombname]" '/^\/dev\/mapper\/tomb/ { if($7==tomb) print $1 }'`
|
|
|
|
if [ "$mounted_tomb" ]; then
|
|
_failure "The tomb ::1 tomb name:: is open, to resize it it needs to be closed." $tombname
|
|
fi
|
|
|
|
if ! [ "$newtombsize" ] ; then
|
|
_failure "You must specify the new size of ::1 tomb name::" $tombname
|
|
elif [[ $newtombsize != <-> ]]; then
|
|
_failure "Size is not an integer."
|
|
elif [ "$newtombsize" -le "$oldtombsize" ]; then
|
|
_failure "The new size must be greater then old tomb size."
|
|
fi
|
|
|
|
delta="$(( $newtombsize - $oldtombsize ))"
|
|
|
|
_message "Generating ::1 tomb file:: of ::2 size::MiB" $tombfile $newtombsize
|
|
|
|
_verbose "Data dump using ::1:: from /dev/urandom" ${DD[1]}
|
|
${=DD} if=/dev/urandom bs=1048576 count=${delta} >> ${tombdir}/${tombfile}
|
|
|
|
{ test $? = 0 } || {
|
|
_failure "Error creating the extra resize ::1 size::, operation aborted." $tmp_resize }
|
|
|
|
if option_is_set --tomb-pwd; then
|
|
tomb_pwd="`option_value --tomb-pwd`"
|
|
_verbose "tomb-pwd = ::1 tomb pass::" $tomb_pwd
|
|
ask_key_password "$tomb_pwd"
|
|
else
|
|
ask_key_password
|
|
fi
|
|
{ test $? = 0 } || {
|
|
_failure "No valid password supplied." }
|
|
|
|
lo_mount "${tombdir}/${tombfile}"
|
|
nstloop=`lo_new`
|
|
|
|
mapdate=`date +%s`
|
|
mapper="tomb.${tombname}.${mapdate}.`basename $nstloop`"
|
|
|
|
print -n - "$tomb_secret" | \
|
|
cryptsetup --key-file - luksOpen ${nstloop} ${mapper}
|
|
|
|
if ! [ -r /dev/mapper/${mapper} ]; then
|
|
_failure "Failure mounting the encrypted file."
|
|
fi
|
|
|
|
cryptsetup resize "${mapper}"
|
|
if [ $? != 0 ]; then
|
|
_failure "cryptsetup failed to resize ::1 mapper::" $mapper
|
|
fi
|
|
|
|
e2fsck -p -f /dev/mapper/${mapper}
|
|
if [ $? != 0 ]; then
|
|
_failure "e2fsck failed to check ::1 mapper::" $mapper
|
|
fi
|
|
|
|
resize2fs /dev/mapper/${mapper}
|
|
if [ $? != 0 ]; then
|
|
_failure "resize2fs failed to resize ::1 mapper::" $mapper
|
|
fi
|
|
|
|
sleep 1 # needs to settle a bit
|
|
|
|
# close and free the loop device
|
|
cryptsetup luksClose "${mapper}"
|
|
|
|
return 0
|
|
}
|
|
|
|
# }}}
|
|
|
|
# {{{ Close
|
|
|
|
umount_tomb() {
|
|
local tombs how_many_tombs
|
|
local pathmap mapper tombname tombmount loopdev
|
|
local ans pidk pname
|
|
|
|
if [ "$1" = "all" ]; then
|
|
mounted_tombs=(`list_tomb_mounts`)
|
|
else
|
|
mounted_tombs=(`list_tomb_mounts $1`)
|
|
fi
|
|
|
|
{ test ${#mounted_tombs} = 0 } && {
|
|
_warning "There is no open tomb to be closed."
|
|
return 1 }
|
|
|
|
{ test ${#mounted_tombs} -gt 1 } && { test "$1" = "" } && {
|
|
_warning "Too many tombs mounted, please specify one (see tomb list)"
|
|
_warning "or issue the command 'tomb close all' to close them all."
|
|
return 1 }
|
|
|
|
_message "Tomb close ::1::" $1
|
|
|
|
for t in ${mounted_tombs}; do
|
|
mapper=`basename ${t[(ws:;:)1]}`
|
|
tombname=${t[(ws:;:)5]}
|
|
tombmount=${t[(ws:;:)2]}
|
|
tombfs=${t[(ws:;:)3]}
|
|
tombfsopts=${t[(ws:;:)4]}
|
|
tombloop=${mapper[(ws:.:)4]}
|
|
|
|
_verbose "Name: ::1 tomb name::" $tombname
|
|
_verbose "Mount: ::1 mount point::" $tombmount
|
|
_verbose "Mapper: ::1 mapper::" $mapper
|
|
|
|
{ test -e "$mapper" } && {
|
|
_warning "Tomb not found: ::1 tomb file::" $1
|
|
_warning "Please specify an existing tomb."
|
|
return 0 }
|
|
|
|
if [ $SLAM ]; then
|
|
_success "Slamming tomb ::1 tomb name:: mounted on ::2 mount point::" $tombname $tombmount
|
|
_message "Kill all processes busy inside the tomb."
|
|
if ! slam_tomb "$tombmount"; then
|
|
_warning "Cannot slam the tomb ::1 tomb name::" $tombname
|
|
return 1
|
|
fi
|
|
else
|
|
_message "Closing tomb ::1 tomb name:: mounted on ::2 mount point::" $tombname $tombmount
|
|
fi
|
|
|
|
# check if there are binded dirs and close them
|
|
bind_tombs=(`list_tomb_binds $tombname`)
|
|
for b in ${bind_tombs}; do
|
|
bind_mapper="${b[(ws:;:)1]}"
|
|
bind_mount="${b[(ws:;:)2]}"
|
|
_message "Closing tomb bind hook: ::1 hook::" $bind_mount
|
|
umount $bind_mount
|
|
if [[ $? != 0 ]]; then
|
|
if [ $SLAM ]; then
|
|
_success "Slamming tomb: killing all processes using this hook."
|
|
slam_tomb "$bind_mount"
|
|
if [[ $? == 1 ]]; then
|
|
_warning "Cannot slam the bind hook ::1 hook::" $bind_mount
|
|
return 1
|
|
fi
|
|
umount $bind_mount
|
|
else
|
|
_warning "Tomb bind hook ::1 hook:: is busy, cannot close tomb." $bind_mount
|
|
fi
|
|
fi
|
|
done
|
|
|
|
# Execute post-hooks for eventual cleanup
|
|
if ! option_is_set -n ; then
|
|
exec_safe_post_hooks ${tombmount%%/} close
|
|
fi
|
|
|
|
_verbose "Performing umount of ::1 mount point::" $tombmount
|
|
umount ${tombmount}
|
|
if ! [ $? = 0 ]; then _warning "Tomb is busy, cannot umount!"
|
|
else
|
|
# this means we used a "default" mount point
|
|
{ test "${tombmount}" = "/media/${tombname}.tomb" } && {
|
|
rmdir ${tombmount} }
|
|
fi
|
|
|
|
cryptsetup luksClose $mapper
|
|
{ test $? = 0 } || {
|
|
_warning "Error occurred in cryptsetup luksClose ::1 mapper::" $mapper
|
|
return 1 }
|
|
|
|
losetup -d "/dev/$tombloop"
|
|
|
|
_success "Tomb ::1 tomb name:: closed: your bones will rest in peace." $tombname
|
|
|
|
done # loop across mounted tombs
|
|
|
|
return 0
|
|
}
|
|
|
|
# Kill all processes using the tomb
|
|
slam_tomb() {
|
|
# $1 = tomb mount point
|
|
if [[ -z `fuser -m "$1" 2>/dev/null` ]]; then
|
|
return 0
|
|
fi
|
|
#Note: shells are NOT killed by INT or TERM, but they are killed by HUP
|
|
for s in TERM HUP KILL; do
|
|
_verbose "Sending ::1:: to processes inside the tomb:" $s
|
|
if option_is_set -D; then
|
|
ps -fp `fuser -m /media/a.tomb 2>/dev/null`|
|
|
while read line; do
|
|
_verbose $line
|
|
done
|
|
fi
|
|
fuser -s -m "$1" -k -M -$s
|
|
if [[ -z `fuser -m "$1" 2>/dev/null` ]]; then
|
|
return 0
|
|
fi
|
|
if ! option_is_set -f; then
|
|
sleep 3
|
|
fi
|
|
done
|
|
return 1
|
|
}
|
|
|
|
# }}} - Tomb close
|
|
|
|
# {{{ Main routine
|
|
main() {
|
|
|
|
local -A subcommands_opts
|
|
### Options configuration
|
|
#
|
|
# Hi, dear developer! Are you trying to add a new subcommand, or
|
|
# to add some options? Well, keep in mind that option names are
|
|
# global: they cannot bear a different meaning or behaviour across
|
|
# subcommands.
|
|
#
|
|
# For example, "-s" means "size" and accepts one argument. If you
|
|
# are tempted to add an alternate option "-s" (e.g., to mean
|
|
# "silent", and that doesn't accept any argument) DON'T DO IT!
|
|
#
|
|
# There are two reasons for that:
|
|
# I. Usability; users expect that "-s" is "size"
|
|
# II. Option parsing WILL EXPLODE if you do this kind of bad
|
|
# things (it will complain: "option defined more than once")
|
|
#
|
|
# If you want to use the same option in multiple commands then you
|
|
# can only use the non-abbreviated long-option version like:
|
|
# -force and NOT -f
|
|
#
|
|
main_opts=(q -quiet=q D -debug=D h -help=h v -version=v U: -uid=U G: -gid=G T: -tty=T -no-color -unsecure-dev-mode)
|
|
subcommands_opts[__default]=""
|
|
subcommands_opts[open]="f -force n -nohook=n k: -key=k -kdf: o: -ignore-swap -sudo-pwd: -tomb-pwd: "
|
|
subcommands_opts[mount]=${subcommands_opts[open]}
|
|
|
|
subcommands_opts[create]="" # deprecated, will issue warning
|
|
|
|
subcommands_opts[forge]="f -force -ignore-swap k: -key=k -kdf: o: -tomb-pwd: -use-urandom "
|
|
subcommands_opts[dig]="f -force -ignore-swap s: -size=s "
|
|
subcommands_opts[lock]="f -force -ignore-swap k: -key=k -kdf: o: -sudo-pwd: -tomb-pwd: "
|
|
subcommands_opts[setkey]="k: -key=k f -force -ignore-swap -kdf: -sudo-pwd: -tomb-old-pwd: -tomb-pwd: "
|
|
subcommands_opts[engrave]="k: -key=k "
|
|
|
|
subcommands_opts[passwd]="k: -key=k f -force -ignore-swap -kdf: -tomb-old-pwd: -tomb-pwd: "
|
|
subcommands_opts[close]="-sudo-pwd: "
|
|
subcommands_opts[help]=""
|
|
subcommands_opts[slam]=""
|
|
subcommands_opts[list]="-get-mountpoint "
|
|
|
|
subcommands_opts[index]=""
|
|
subcommands_opts[search]=""
|
|
|
|
subcommands_opts[help]=""
|
|
subcommands_opts[bury]="f -force k: -key=k -tomb-pwd: "
|
|
subcommands_opts[exhume]="f -force k: -key=k -tomb-pwd: "
|
|
# subcommands_opts[decompose]=""
|
|
# subcommands_opts[recompose]=""
|
|
# subcommands_opts[install]=""
|
|
subcommands_opts[askpass]=""
|
|
subcommands_opts[source]=""
|
|
subcommands_opts[resize]="f -force -ignore-swap s: -size=s k: -key=k -tomb-pwd: "
|
|
subcommands_opts[check]="-ignore-swap "
|
|
# subcommands_opts[translate]=""
|
|
|
|
### Detect subcommand
|
|
local -aU every_opts #every_opts behave like a set; that is, an array with unique elements
|
|
for optspec in $subcommands_opts$main_opts; do
|
|
for opt in ${=optspec}; do
|
|
every_opts+=${opt}
|
|
done
|
|
done
|
|
local -a oldstar
|
|
oldstar=($argv)
|
|
#### detect early: useful for --optiion-parsing
|
|
zparseopts -M -D -Adiscardme ${every_opts}
|
|
if [[ -n ${(k)discardme[--option-parsing]} ]]; then
|
|
echo $1
|
|
if [[ -n "$1" ]]; then
|
|
return 1
|
|
fi
|
|
return 0
|
|
fi
|
|
unset discardme
|
|
if ! zparseopts -M -E -D -Adiscardme ${every_opts}; then
|
|
_failure "Error parsing."
|
|
return 127
|
|
fi
|
|
unset discardme
|
|
subcommand=$1
|
|
if [[ -z $subcommand ]]; then
|
|
subcommand="__default"
|
|
fi
|
|
|
|
if [[ -z ${(k)subcommands_opts[$subcommand]} ]]; then
|
|
_warning "There's no such command \"::1 subcommand::\"." $subcommand
|
|
exitv=127 _failure "Please try -h for help."
|
|
fi
|
|
argv=(${oldstar})
|
|
unset oldstar
|
|
|
|
### Parsing global + command-specific options
|
|
# zsh magic: ${=string} will split to multiple arguments when spaces occur
|
|
set -A cmd_opts ${main_opts} ${=subcommands_opts[$subcommand]}
|
|
# if there is no option, we don't need parsing
|
|
if [[ -n $cmd_opts ]]; then
|
|
zparseopts -M -E -D -Aopts ${cmd_opts}
|
|
if [[ $? != 0 ]]; then
|
|
_warning "Some error occurred during option processing."
|
|
exitv=127 _failure "See \"tomb help\" for more info."
|
|
fi
|
|
fi
|
|
#build PARAM (array of arguments) and check if there are unrecognized options
|
|
ok=0
|
|
PARAM=()
|
|
for arg in $*; do
|
|
if [[ $arg == '--' || $arg == '-' ]]; then
|
|
ok=1
|
|
continue #it shouldnt be appended to PARAM
|
|
elif [[ $arg[1] == '-' ]]; then
|
|
if [[ $ok == 0 ]]; then
|
|
exitv=127 _failure "Unrecognized option ::1 arg:: for subcommand ::2 subcommand::" $arg $subcommand
|
|
fi
|
|
fi
|
|
PARAM+=$arg
|
|
done
|
|
#first parameter actually is the subcommand: delete it and shift
|
|
if [[ $subcommand != '__default' ]]; then
|
|
PARAM[1]=()
|
|
shift
|
|
fi
|
|
### End parsing command-specific options
|
|
if ! option_is_set --no-color; then
|
|
autoload colors; colors
|
|
fi
|
|
if ! option_is_set --unsecure-dev-mode; then
|
|
for opt in --sudo-pwd --tomb-pwd --use-urandom --tomb-old-pwd; do
|
|
if option_is_set $opt; then
|
|
exitv=127 _failure "You specified option ::1 option::, which is DANGEROUS and should only be used for testing\nIf you really want so, add --unsecure-dev-mode" $opt
|
|
fi
|
|
done
|
|
fi
|
|
|
|
# when we run as root, we remember the original uid:gid
|
|
# to set permissions for the calling user and drop privileges
|
|
if option_is_set -U; then _uid="`option_value -U`"; fi
|
|
if option_is_set -G; then _gid="`option_value -G`"; fi
|
|
if option_is_set -T; then _tty="`option_value -T`"; fi
|
|
|
|
[[ "$PARAM" == "" ]] && {
|
|
_verbose "Tomb command: ::1 subcommand::" $subcommand
|
|
} || {
|
|
_verbose "Tomb command: ::1 subcommand:: ::2 param::" $subcommand $PARAM
|
|
}
|
|
|
|
[[ "$_uid" == "" ]] || {
|
|
_verbose "Caller: uid[::1 uid::], gid[::2 gid::], tty[::3 tty::]." $_uid $_gid $_tty
|
|
}
|
|
|
|
case "$subcommand" in
|
|
|
|
# new creation in three steps
|
|
forge)
|
|
check_priv
|
|
forge_key ${=PARAM}
|
|
;;
|
|
dig)
|
|
dig_tomb ${=PARAM}
|
|
;;
|
|
lock)
|
|
check_priv
|
|
lock_tomb_with_key ${=PARAM}
|
|
;;
|
|
|
|
setkey)
|
|
check_priv
|
|
change_tomb_key ${=PARAM}
|
|
;;
|
|
|
|
engrave)
|
|
{ test "$QRENCODE" = 0 } && {
|
|
_failure "QREncode not installed: cannot engrave keys on paper." }
|
|
engrave_key ${=PARAM}
|
|
;;
|
|
|
|
# backward compat
|
|
create)
|
|
_warning "The create command is deprecated, please use dig, forge and lock instead."
|
|
_warning "For more informations see Tomb's manual page (man tomb)."
|
|
;;
|
|
|
|
mount|open)
|
|
check_priv
|
|
mount_tomb $PARAM[1] $PARAM[2]
|
|
;;
|
|
umount|close|slam)
|
|
check_priv
|
|
[ "$subcommand" = "slam" ] && SLAM=1
|
|
umount_tomb $PARAM[1]
|
|
;;
|
|
passwd)
|
|
change_passwd $PARAM[1]
|
|
;;
|
|
list)
|
|
list_tombs $PARAM[1]
|
|
;;
|
|
|
|
index)
|
|
index_tombs $PARAM[1]
|
|
;;
|
|
search)
|
|
search_tombs ${=PARAM}
|
|
;;
|
|
|
|
help)
|
|
usage
|
|
;;
|
|
bury)
|
|
{ test "$STEGHIDE" = 0 } && {
|
|
_failure "Steghide not installed: cannot bury keys into images." }
|
|
bury_key $PARAM[1]
|
|
;;
|
|
exhume)
|
|
{ test "$STEGHIDE" = 0 } && {
|
|
_failure "Steghide not installed: cannot exhume keys from images." }
|
|
exhume_key $PARAM[1]
|
|
;;
|
|
resize)
|
|
{ test "$RESIZER" = 0 } && {
|
|
_failure "Resize2fs not installed: cannot resize tombs." }
|
|
check_priv
|
|
resize_tomb $PARAM[1]
|
|
;;
|
|
|
|
# internal commands useful to developers
|
|
'source') return 0 ;;
|
|
askpass) ask_password $PARAM[1] $PARAM[2] ;;
|
|
|
|
__default)
|
|
_print "Tomb ::1 version:: - a strong and gentle undertaker for your secrets" $VERSION
|
|
_print "\000"
|
|
_print " Copyright (C) 2007-2014 Dyne.org Foundation, License GNU GPL v3+"
|
|
_print " This is free software: you are free to change and redistribute it"
|
|
_print " The latest Tomb sourcecode is published on <http://tomb.dyne.org>"
|
|
_print "\000"
|
|
option_is_set -v && {
|
|
_print " This source code is distributed in the hope that it will be useful,"
|
|
_print " but WITHOUT ANY WARRANTY; without even the implied warranty of"
|
|
_print " MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
|
|
_print " Please refer to the GNU Public License for more details."
|
|
_print "\000"
|
|
_print "System utils:"
|
|
_print "\000"
|
|
cat <<EOF
|
|
`sudo -V | head -n1`
|
|
`cryptsetup --version`
|
|
`pinentry --version`
|
|
`gpg --version | head -n1` - key forging algorithms (GnuPG symmetric ciphers):
|
|
`list_gnupg_ciphers`
|
|
EOF
|
|
return 0
|
|
}
|
|
usage
|
|
;;
|
|
*)
|
|
_warning "Command \"::1 subcommand::\" not recognized." $subcommand
|
|
_message "Try -h for help."
|
|
return 1
|
|
;;
|
|
esac
|
|
return $?
|
|
}
|
|
|
|
# }}}
|
|
|
|
# {{{ Run
|
|
check_bin
|
|
|
|
check_shm
|
|
|
|
main $@
|
|
ret=$?
|
|
if [[ $ret != 0 ]]; then #this "if" seems useless, but avoid source tomb source from exiting
|
|
exit $ret
|
|
fi
|
|
# }}}
|
|
|
|
# -*- tab-width: 4; indent-tabs-mode:nil; -*-
|
|
# vim: set shiftwidth=4 expandtab:
|